ELK 7.5.0 Installation Notes

2019-12-11  古刹飞鹰

1. Preparation

docker pull docker.elastic.co/elasticsearch/elasticsearch:7.5.0
docker pull docker.elastic.co/kibana/kibana:7.5.0
docker pull docker.elastic.co/logstash/logstash:7.5.0
# Holds the ELK configuration files so they can be mounted into the containers
mkdir -p /dataStore/docker_config/elasticsearch
mkdir -p /dataStore/docker_config/kibana
mkdir -p /dataStore/docker_config/logstash
# Holds the Elasticsearch data; mounted with -v when the container is started
mkdir -p /dataStore/docker_datas/elasticsearch
# Holds the startup scripts
mkdir -p /dataStore/docker_run/

2. Install Elasticsearch

docker run --rm -itd -e "discovery.type=single-node" www.v246.com/elasticsearch:7.5
docker cp  007809a9bac1:/usr/share/elasticsearch/config /dataStore/docker_config/elasticsearch/config
vi /dataStore/docker_config/elasticsearch/config/elasticsearch.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0
# Enable X-Pack security
xpack.security.enabled: true
chown 1000:1000 /dataStore/docker_datas/elasticsearch/ -R
vi /dataStore/docker_run/elasticsearch.sh
docker run  -p 9200:9200 -p 9300:9300 -itd --name elasticsearch -e "discovery.type=single-node"  --privileged=true -v /dataStore/docker_datas/elasticsearch:/usr/share/elasticsearch/data:z  -v /dataStore/docker_config/elasticsearch/config:/usr/share/elasticsearch/config  www.v246.com/elasticsearch:7.5

Enter the elasticsearch container and initialize the Elasticsearch access passwords.

docker exec -it elasticsearch bash
/usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive

Enter password for [elastic]:
Reenter password for [elastic]:
Enter password for [apm_system]:
Reenter password for [apm_system]:
Enter password for [kibana]:
Reenter password for [kibana]:
Enter password for [logstash_system]:
Reenter password for [logstash_system]:
Enter password for [beats_system]:
Reenter password for [beats_system]:
Enter password for [remote_monitoring_user]:
Reenter password for [remote_monitoring_user]:
Changed password for user [apm_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]

3. Install Kibana

docker run  --rm -itd www.v246.com/kibana:7.5.0
docker cp  2880f2bbe0a6:/usr/share/kibana/config /dataStore/docker_config/kibana/config
vi /dataStore/docker_config/kibana/config/kibana.yml
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true
# Add the following two settings
elasticsearch.username: "kibana"
elasticsearch.password: "A0c7y1-5"
vi /dataStore/docker_run/kibana.sh
# Given the config file above, notice that some options in the start command below could be omitted
docker run --name kibana -d -p 5601:5601 --link elasticsearch -v /dataStore/docker_config/kibana/config:/usr/share/kibana/config -e ELASTICSEARCH_URL=http://elasticsearch:9200 www.v246.com/kibana:7.5.0

4. Install Logstash

docker run --rm -itd www.v246.com/logstash:7.5.0
docker cp 034dc9b38435:/usr/share/logstash/config /dataStore/docker_config/logstash/config
vi /dataStore/docker_config/logstash/config/logstash.conf
input {
  beats {
    host => "0.0.0.0"
    port => "5044"
  }
}

output {
  stdout { codec => rubydebug }
  elasticsearch {
    hosts => [ "elasticsearch:9200" ]
    # One index per Filebeat doc_type field and day
    index => "%{[fields][doc_type]}-%{+YYYY.MM.dd}"
    # logstash_system is the built-in monitoring user; writing these indices
    # needs a user whose role grants write access to them
    user => "logstash_system"
    password => "A0c7y1-5"
  }
}

vi /dataStore/docker_run/logstash.sh
# Note: the trailing -f argument here is a Logstash argument, not a Docker argument
docker run --rm -itd --name logstash  --link elasticsearch -p 5044:5044 -p 9600:9600 -v /dataStore/docker_config/logstash/config:/usr/share/logstash/config  www.v246.com/logstash:7.5.0 -f /usr/share/logstash/config/logstash.conf

At this point the ELK services are installed. Next, on the business servers, ship business data such as logs to ELK.
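
The security-relevant settings in the steps above (network.host: 0.0.0.0 together with xpack.security.enabled, and the passwords written into kibana.yml and logstash.conf) can be checked on the host with a short script. This is an added example, not part of the original post; the function names are its own, and it assumes a Linux host with GNU stat.

```shell
#!/bin/sh
# Added example: audit the config tree built in this walkthrough (Linux host).
# Function names are this example's own; the default root is the page's path.

# yaml_value FILE KEY: print the value of a top-level "KEY: value" line.
yaml_value() {
  key=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^$key:[[:space:]]*//p" "$1" 2>/dev/null | head -n 1 |
    tr -d '"' | sed 's/[[:space:]]*$//'
}

# es_auth_exposed FILE: succeed (0) when Elasticsearch binds a non-loopback
# address while xpack.security.enabled is not "true".
es_auth_exposed() {
  host=$(yaml_value "$1" network.host)
  case "$host" in
    ""|localhost|127.*|::1|_local_) return 1 ;;   # unset means loopback only
  esac
  [ "$(yaml_value "$1" xpack.security.enabled)" != "true" ]
}

# readable_secrets DIR: list files holding a "password" setting (kibana.yml
# "key: value" or logstash.conf "key => value") that "other" users can read.
readable_secrets() {
  grep -rlE '^[[:space:]]*[A-Za-z_.]*password[[:space:]]*(:|=>)' "$1" 2>/dev/null |
    sort | while read -r f; do
      case "$(stat -c '%a' "$f")" in *[4567]) echo "$f" ;; esac
    done
}

# audit [ROOT]: run both checks; non-zero exit when anything is flagged.
audit() {
  root=${1:-/dataStore/docker_config}; rc=0
  if es_auth_exposed "$root/elasticsearch/config/elasticsearch.yml"; then
    echo "FAIL: elasticsearch.yml binds beyond loopback without xpack security"
    rc=1
  fi
  leaks=$(readable_secrets "$root")
  if [ -n "$leaks" ]; then
    echo "FAIL: password-bearing config readable by all local users:"
    echo "$leaks"
    rc=1
  fi
  return $rc
}

if [ $# -gt 0 ]; then audit "$1"; fi
```

Files it lists can be restricted with chmod 600 once they are owned by the user the container runs as.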

5. Install Filebeat

docker pull docker.elastic.co/beats/filebeat:7.5.0

There are many official Beats tools; Filebeat is used here as the example.

vi /dataStore/docker_config/filebeat/filebeat.yml
filebeat.inputs:
- paths:
    - /home/logs/webServers/tomcat8/tomcat1/logs/catalina.out
  multiline:
      pattern: ^\d{4}
      negate: true
      match: after
  fields:
    doc_type: tomcat_logs2
- paths:
    - /home/logs/webServers/tomcat8/tomcat2/logs/catalina.out
  multiline:
      pattern: ^\d{4}
      negate: true
      match: after
  fields:
    doc_type: tomcat_logs3
- paths:
    - /home/logs/webServers/nginx/logs/error.log
  multiline:
      pattern: ^\d{4}
      negate: true
      match: after
  fields:
    doc_type: nginx_error_1
output.logstash: # output address
  hosts: ["10.4.60.16:5044"]

docker run --rm --name filebeat -itd  -v /dataStore/docker_config/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml -v /dataStore/webServers:/home/logs/webServers/ www.v246.com/filebeat:7.5.0
