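# Start a single Elasticsearch 7.7.1 container with a 1 GiB JVM heap, pinned
# to CPU 1 and capped at 2 GiB of memory. The config file, data directory and
# log directory are bind-mounted from /data/elk on the host.
#
# Exposure: both -p flags publish on every host interface. Docker installs its
# own iptables rules for published ports, so a host firewall front-end such as
# ufw may not filter them. The elasticsearch.yml on this page enables no
# authentication or TLS, so anything that can reach <host>:9200 can read and
# write every index. Publish on a specific address instead
# (-p <address>:9200:9200) or restrict the port at the network edge.
# 9300 is the node-to-node transport port; a one-node deployment does not
# need it published.
#
# 7.7.1 is an old patch level of the 7.x line; later 7.x releases carry
# security fixes.
docker run -p 9200:9200 -p 9300:9300 \
  -e ES_JAVA_OPTS="-Xms1024m -Xmx1024m" \
  -v /data/elk/conf/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
  -v /data/elk/data/:/elasticsearch/data \
  -v /data/elk/logs:/elasticsearch/logs \
  --name='elasticsearch' --cpuset-cpus="1" -m 2G -d elasticsearch:7.7.1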
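# File: elasticsearch.yml (printed on the page with `cat elasticsearch.yml`).
# The Elasticsearch docker run on this page bind-mounts it over the image's
# default config.
cluster.name: es-master
node.name: elk-node-1

# Must match the container-side targets of the data and logs bind mounts.
path.data: /elasticsearch/data
path.logs: /elasticsearch/logs

# The REST API listens on every interface inside the container. With 9200
# published by docker, it is reachable from any network that reaches the host.
http.host: 0.0.0.0

# NOTE(review): Elasticsearch 7.x accepts this Zen-era setting but ignores it.
# For a one-node deployment, `discovery.type: single-node` states the intent.
discovery.zen.minimum_master_nodes: 1

# CORS with a wildcard origin lets a page served from any site, opened in a
# browser that can reach this node, call the REST API. Restrict allow-origin
# to the specific origin(s) that need it, or turn CORS off if no browser-based
# tool talks to this node directly.
http.cors.enabled: true
http.cors.allow-origin: "*"

# Basic (free) license. Nothing in this file sets xpack.security.enabled,
# which is off by default on 7.7, so the node runs without authentication or
# TLS. Enabling it also requires credentials in Kibana and in the Logstash
# elasticsearch output.
xpack.license.self_generated.type: basic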
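# Start Kibana 7.7.1 with kibana.yml bind-mounted from the host.
#
# Exposure: -p 5601:5601 publishes the UI on every host interface. While
# Elasticsearch security is disabled, Kibana presents no login page, so anyone
# who can reach the port gets the full UI, including the Dev Tools console
# that proxies requests to Elasticsearch. Publish on a specific address
# (-p <address>:5601:5601) behind an authenticating proxy, or enable
# Elasticsearch security so Kibana requires a login.
docker run -p 5601:5601 \
  --name kibana \
  -v /data/elk/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml \
  -d kibana:7.7.1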
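# File: kibana.yml (printed on the page with `cat kibana.yml`).
# The Kibana docker run on this page bind-mounts it over the image's default
# config, so only the settings listed here apply.
server.port: 5601

# Listen on every interface inside the container; combined with the published
# port, the UI is reachable from any network that reaches the host.
server.host: "0.0.0.0"

# NOTE(review): no elasticsearch.hosts is set, and the docker run on this page
# neither links the containers nor passes ELASTICSEARCH_HOSTS. Kibana would
# then fall back to its built-in default of http://localhost:9200 inside its
# own container. Presumably this should point at the Elasticsearch host used
# elsewhere on the page (192.168.1.249) — confirm.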
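# Start Logstash 7.7.1 with the pipeline definition (logstash.conf) and the
# settings file (logstash.yml) bind-mounted from /data/elk/logstash.
#
# Exposure: the Beats port 5044 is published on every host interface, and the
# beats input in logstash.conf configures no TLS or client authentication, so
# any host that can reach the port can submit events.
#
# The logstash.conf on this page also declares a gelf input on 12201. This
# command does not publish that port, so the input is not reachable from other
# hosts as written. Either publish it deliberately or drop the unused input.
docker run -p 5044:5044 --name logstash -d \
  -v /data/elk/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \
  -v /data/elk/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml \
  logstash:7.7.1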
# File: logstash.yml (printed on the page with `cat logstash.yml`).
# Bind address of Logstash's HTTP monitoring API (default port 9600). It
# listens on every interface inside the container. The Logstash docker run on
# this page does not publish that port, so it is reachable only from the
# docker network unless a -p mapping is added later.
http.host: '0.0.0.0'
# File: logstash.conf (printed on the page with `cat logstash.conf`).
# Input section: where events enter the pipeline.
input {
  # Filebeat / Beats listener. No TLS or client-certificate settings are
  # given, so shipper traffic is plaintext and any host that can reach the
  # port can send events. The beats input has ssl options for both.
  beats {
    port => "5044"
  }

  # GELF listener. The Logstash docker run on this page publishes only 5044,
  # so this input is unreachable from other hosts unless a mapping for 12201
  # is added.
  gelf {
    port => "12201"
  }
}
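# Filter section: parse Spring Boot / Sleuth style log lines into fields, set
# the event time from the parsed timestamp, then drop unneeded fields.
# NOTE(review): line breaks are reconstructed from a collapsed listing;
# settings without a leading `#` are taken to be active.
filter {
  # Splits "message" into timestamp, severity, service/trace/span/exportable,
  # pid, thread, class, method, lineNum and the remaining text ("rest").
  # The pattern is unanchored and has many lazy DATA captures, so lines that
  # do not match take the slow path; a leading ^ lets them fail early.
  grok {
    match => {
      "message" => "%{TIMESTAMP_ISO8601:timestamp}\s+%{LOGLEVEL:severity}\s+\[%{DATA:service},%{DATA:trace},%{DATA:span},%{DATA:exportable}\]\s+%{DATA:pid}\s+---\s+\[%{DATA:thread}\]\s+%{DATA:class}\s+\[%{DATA:method}\]\s+\[%{DATA:lineNum}\]\s+:\s+%{GREEDYDATA:rest}"
    }
  }

  # Uses the parsed log timestamp as the event's @timestamp.
  date {
    match => ["timestamp","yyyy-MM-dd HH:mm:ss.SSS"]
    target => "@timestamp"
  }

  # NOTE(review): this expression computes a local-time value but does not
  # assign it to any field, so as written it leaves the event unchanged.
  ruby {
    code => "event.timestamp.time.localtime"
  }

  # Removing "tags" also removes failure markers such as _grokparsefailure,
  # so unparsed lines can no longer be found by tag in Elasticsearch.
  mutate {
    #remove_field => ["message"]
    remove_field => ["@version"]
    remove_field => ["prospector"]
    remove_field => ["tags"]
    remove_field => ["input"]
    remove_field => ["offset"]
    #remove_field => ["beat"]
    #remove_field => ["host"]
  }
}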
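# Output section: every event is printed to stdout and indexed into
# Elasticsearch.
output {
  # Debug output: each full event is written to the container's log. That
  # copies all shipped log content into `docker logs`; remove it once the
  # pipeline is verified.
  stdout {
    codec => rubydebug { }
  }

  elasticsearch {
    codec => "json"
    # No scheme or port is given, so the plugin defaults to plain HTTP on
    # 9200. Events cross the network unencrypted and, with the credentials
    # below commented out, unauthenticated.
    hosts => ["192.168.1.249"]
    # The page carried a literal password in this commented-out line. Treat
    # any value that was ever real as exposed and rotate it. Reference the
    # secret instead of writing it into the file: ${ES_PWD} is a constructed
    # variable name, resolved from the environment or the Logstash keystore.
    # user => "elastic"
    # password => "${ES_PWD}"
    # One index per beat per day, e.g. filebeat-YYYY.MM.dd.
    index => "%{[@metadata][beat]}-%{+YYYY.MM.dd}"
    # NOTE(review): document_type is deprecated in the elasticsearch output
    # because mapping types were removed from Elasticsearch.
    document_type => "%{[@metadata][type]}"
  }
}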
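# Start Filebeat 7.7.1 as a log shipper. No ports are published; the container
# only makes outbound connections to Logstash.
#
# The Spring Cloud log tree is mounted read-only (:ro), so the shipper can
# read application logs but cannot modify or delete them.
#
# Filebeat checks the ownership and permissions of its config file at startup.
# Keep the host-side filebeat.yml writable only by its owner, which also stops
# other local users from redirecting where logs are shipped.
docker run --name filebeat -d \
  -v /data/spring-cloud/:/data/spring-cloud/:ro \
  -v /data/elk/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml \
  elastic/filebeat:7.7.1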
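# File: filebeat.yml (printed on the page with `cat filebeat.yml`).
# NOTE(review): indentation is reconstructed from a collapsed listing and
# follows the standard filebeat.yml layout.
filebeat.inputs:
  - type: log
    enabled: true
    # Every *.log under each service's logs/ directory in the read-only mount.
    paths:
      - /data/spring-cloud/*/logs/*.log
    # A line starting with a yyyy-MM-dd date begins a new event; lines that do
    # not match (stack traces, wrapped output) are appended to the previous
    # event. An unfinished event is flushed after 5 seconds.
    multiline.pattern: '^[0-9]{4}-[0-9]{2}-[0-9]{2}'
    multiline.negate: true
    multiline.match: after
    multiline.timeout: 5s

filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  # Module configs are read once at startup and not reloaded.
  reload.enabled: false

# Ships to the Logstash beats input. No ssl settings are given, so log
# content travels in plaintext and the Logstash endpoint is not verified.
# Configure TLS on both this output and the beats input if the traffic
# leaves a trusted segment.
output.logstash:
  hosts: ["192.168.1.249:5044"]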