Docker安装部署ELK教程 (Elasticsearch+Kibana+Logstash+Filebeat)
<h3><span style="color: rgba(128, 128, 0, 1)"><strong>ELK是由 Elasticsearch、Logstash和Kibana 三部分组件组成。</strong></span></h3><p><span style="color: rgba(255, 153, 0, 1)">Elasticsearch 是个开源分布式搜索引擎,它的特点有:分布式,零配置,自动发现,索引自动分片,索引副本机制,restful风格接口,多数据源,自动搜索负载等。</span></p>
<p><span style="color: rgba(255, 153, 0, 1)">Logstash 是一个完全开源的工具,它可以对你的日志进行收集、分析,并将其存储供以后使用 </span></p>
<p><span style="color: rgba(255, 153, 0, 1)">kibana 是一个开源和免费的工具,它可以为 Logstash 和 ElasticSearch 提供的日志分析友好的 Web 界面,可以帮助您汇总、分析和搜索重要数据日志。</span></p>
<p><span style="color: rgba(255, 153, 0, 1)">+</span></p>
<p><span style="color: rgba(255, 153, 0, 1)">Filebeat 是用于单用途数据托运人的平台。它们以轻量级代理的形式安装,并将来自成百上千台机器的数据发送到 Logstash 或 Elasticsearch。<br></span></p>
<p> </p>
<p> </p>
<p> Docker 镜像统一从 https://hub.docker.com/ 下载 (安装时请使用统一版本)</p>
<p> </p>
<h4><strong>一</strong>、Docker 安装 Elasticsearch</h4>
<p>官网镜像地址:https://hub.docker.com/_/elasticsearch</p>
<p>找到目前最新的(Tags)是 7.1.1</p>
<div class="cnblogs_code">
<pre># 下载镜像 查看镜像<br>docker pull elasticsearch:<span style="color: rgba(128, 0, 128, 1)">7.1</span>.<span style="color: rgba(128, 0, 128, 1)">1<br></span></pre>
<pre>docker images</pre>
</div>
<h3><img src="https://img2018.cnblogs.com/blog/1582745/201906/1582745-20190611185859779-1462120318.png" alt="" width="680" height="85"></h3>
<div class="cnblogs_code">
<pre># 创建自定义的网络(用于连接到连接到同一网络的其他服务(例如Kibana))<br>docker network create somenetwork <br><em><br># 运行 </em>elasticsearch<br><em>docker run -d --name elasticsearch --net somenetwork -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.1.1<br><br># 查看容器状态<br></em>docker ps</pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/1582745/201906/1582745-20190611190237667-2087332888.png" alt="" width="1604" height="72"></p>
<div class="cnblogs_code">
<pre># 检测 elasticsearch 是否启动成功<br>curl <span style="color: rgba(128, 0, 128, 1)">127.0</span>.<span style="color: rgba(128, 0, 128, 1)">0.1</span>:<span style="color: rgba(128, 0, 128, 1)">9200</span></pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/1582745/201906/1582745-20190611190508108-1529487266.png" alt="" width="383" height="276"></p>
<pre>Elasticsearch 安装启动完成</pre>
<p> </p>
<h4>二、Docker 安装 Kibana</h4>
<p>官网镜像地址:https://hub.docker.com/_/kibana</p>
<p>使用和 elasticsearch 相同版本镜像 7.1.1 (不一样可能会出现问题)</p>
<div class="cnblogs_code">
<pre># 下载镜像 查看镜像<br>docker pull kibana:7.1.1</pre>
<pre>docker images</pre>
</div>
<p><em style="font-family: "Courier New"; font-size: 12px"><em style="font-family: "PingFang SC", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px"><img src="https://img2018.cnblogs.com/blog/1582745/201906/1582745-20190611191726555-766382833.png" alt="" width="673" height="91"></em></em></p>
<p>注意:在本例中,Kibana使用默认配置,并希望连接到正在运行的Elasticsearch实例http://localhost:9200</p>
<div class="cnblogs_code">
<pre># 运行 Kibana<br><code class="language-console">docker run -d --name kibana --net somenetwork -p 5601:5601 kibana:7.1.1<br><br># 查看容器启动状态<br>docker ps</code></pre>
</div>
<p> <img src="https://img2018.cnblogs.com/blog/1582745/201906/1582745-20190611192218228-904415447.png" alt="" width="1594" height="92"></p>
<p>访问 http://127.0.0.1:5601 (启动可能会较慢,如失败等几秒再尝试刷新一下)</p>
<p><img src="https://img2018.cnblogs.com/blog/1582745/201906/1582745-20190611192326476-1326817783.png" alt="" width="590" height="183"></p>
<p> </p>
<h4>Kibana 安装启动完成</h4>
<p> </p>
<h4>三、Docker 安装 Logstash</h4>
<p>官网镜像地址:https://hub.docker.com/_/logstash</p>
<p>使用同版本镜像 7.1.1 </p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)"># 下载镜像 查看镜像
docker pull logstash:</span><span style="color: rgba(128, 0, 128, 1)">7.1</span>.<span style="color: rgba(128, 0, 128, 1)">1</span><span style="color: rgba(0, 0, 0, 1)">
docker images</span></pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/1582745/201906/1582745-20190611193558890-719513393.png" alt="" width="738" height="96"></p>
<p> </p>
<div class="cnblogs_code">
<pre>我在工作目录建立一个 docker 目录 并在里面创建了 logstash 目录,用来存放所有配置</pre>
</div>
<p> </p>
<p><img src="https://img2018.cnblogs.com/blog/1582745/201906/1582745-20190614190211239-63983181.png" alt="" width="313" height="110"></p>
<div class="cnblogs_Highlighter">
<pre class="brush:csharp;gutter:true;">里面放了 logstash 的配置文件</pre>
</div>
<p> <img src="https://img2018.cnblogs.com/blog/1582745/201906/1582745-20190614190402368-621546536.png" alt="" width="354" height="144"></p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">logstash.yml (文件内容)
path.config: </span>/usr/share/logstash/conf.d<span style="color: rgba(0, 128, 0, 1)">/*</span><span style="color: rgba(0, 128, 0, 1)">.conf
path.logs: /var/log/logstash</span></pre>
</div>
<div class="cnblogs_code">
<pre>conf.d/<span style="color: rgba(0, 0, 0, 1)">test.conf (文件内容)
input {
beats {
port </span>=> <span style="color: rgba(128, 0, 128, 1)">5044</span><span style="color: rgba(0, 0, 0, 1)">
codec </span>=> <span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">json</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">
}
}
output {
elasticsearch { hosts </span>=> [<span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(128, 0, 0, 1)">elasticsearch:9200</span><span style="color: rgba(128, 0, 0, 1)">"</span><span style="color: rgba(0, 0, 0, 1)">] }
stdout { codec </span>=><span style="color: rgba(0, 0, 0, 1)"> rubydebug }
}</span></pre>
</div>
<div class="cnblogs_code">
<div class="cnblogs_code">
<pre>启动 Logstash <br><br>记得映射上面两个目录 {path}<br><br>docker run -it -d -p 5044:5044 --name logstash --net somenetwork -v {path}/logstash.yml:/usr/share/logstash/config/logstash.yml -v {path}/conf.d/:/usr/share/logstash/conf.d/ logstash:7.1.1<br><br>查看容器运行状态<br>docker ps </pre>
</div>
</div>
<h4><img src="https://img2018.cnblogs.com/blog/1582745/201906/1582745-20190614192201752-1827074561.png" alt="" width="1433" height="124"></h4>
<div class="cnblogs_code">
<pre>启动成功</pre>
</div>
<p> </p>
<h4>四、Docker 安装 Filebeat</h4>
<p>官网镜像地址:https://hub.docker.com/_/filebeat</p>
<p><em>使用同版本镜像 7.1.1 </em></p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)"># 下载镜像 查看镜像
docker pull store/elastic/filebeat:</span><span style="color: rgba(128, 0, 128, 1)">7.1</span>.<span style="color: rgba(128, 0, 128, 1)">1</span><span style="color: rgba(0, 0, 0, 1)">
docker images</span></pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/1582745/201906/1582745-20190613190649254-741401381.png" alt="" width="752" height="109"></p>
<div class="cnblogs_code">
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)"># 下载默认官方配置文件 (暂时在当前目录创建一个 filebeat 目录 用来放 filebeat 配置文件)<br>curl -L -O https://raw.githubusercontent.com/elastic/beats/7.1/deploy/docker/filebeat.docker.yml<br><br># 打开配置文件<br>vim </span>filebeat.docker.yml</pre>
<img src="https://img2018.cnblogs.com/blog/1582745/201906/1582745-20190614191328010-1836750042.png" alt="" width="321" height="91">
<pre><br><br># 增加下面的配置 (收集 .log 数据 把数据发送到当前网络5044端口 (logstash 端口) )<br># 这个地方的 .log 要保证有几条测试数据</pre>
<pre><br>filebeat.inputs:<br>- type: log<br><em id="__mceDel"><em id="__mceDel">enabled: true<br></em></em><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"><em id="__mceDel">paths:<br></em></em></em></em></em></em></em></em></em><em><em><em><em><em><em><em><em><em><em><em>- /var/log/nginx/*.log<br></em></em></em></em></em></em></em></em></em></em></em><em id="__mceDel"><br>output.logstash:<br></em><em id="__mceDel"><em id="__mceDel">hosts: ['{ip}:5044']</em></em></pre>
<pre><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"><em id="__mceDel"> </em></em></em></em></em></em></em></em></em></em></em></pre>
<pre><span style="color: rgba(0, 0, 0, 1)"><br># 运行Filebeat<br><br># 请更改下面两个路径<br>{nginx-path} = 本地的日志文件目录(映射到容器中 作为数据源)<br>{path} = Filebeat配置文件路径 <br>{ip} = </span>elasticsearch 地址</pre>
<pre><code class="language-console">docker run </code><em id="__mceDel"><code class="language-console">--name filebeat </code><em id="__mceDel"><code class="language-console">--user=root -d --net somenetwork --volume="{nginx-path}:/var/log/nginx/" --volume="{path}/filebeat.docker.yml:/usr/share/filebeat/filebeat.yml:ro" --volume="/var/lib/docker/containers:/var/lib/docker/containers:ro" --volume="/var/run/docker.sock:/var/run/docker.sock:ro" store/elastic/filebeat:7.1.1</code></em></em></pre>
<pre><em id="__mceDel"><code class="language-console"> </code></em></pre>
</div>
</div>
<div class="cnblogs_code">
<pre><em id="__mceDel"><code class="language-console"><br># 查看容器启动状态<br></code><em id="__mceDel"><code class="language-console">docker ps</code></em></em></pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/1582745/201906/1582745-20190614192058550-595709513.png" alt="" width="1613" height="131"></p>
<p> </p>
<p> </p>
<p> </p>
<div class="cnblogs_code">
<pre>启动成功 <br><br>现在去 Kibana 查看数据,已经有数据了<em id="__mceDel" style="background-color: rgba(255, 255, 255, 1); font-family: "PingFang SC", "Helvetica Neue", Helvetica, Arial, sans-serif; font-size: 14px"><em id="__mceDel"> </em></em></pre>
</div>
<p><img src="https://img2018.cnblogs.com/blog/1582745/201906/1582745-20190614192533132-758381878.png" alt="" width="1473" height="769"></p>
<p> </p>
<div class="cnblogs_code">
<pre><span style="color: rgba(0, 0, 0, 1)">(大家不要拿来命令就执行啊,中间有些路径之类的要自己改改。)<br><br>到此 最基本的几个软件通讯配置 结束了。
还有很多要探索的地方。
待续...</span></pre>
</div>
<p> </p>
<p> </p>
<style>p.p1 { margin: 0; font: 12px "Helvetica Neue" }</style>
<style>p.p1 { margin: 0; font: 12px "Helvetica Neue" }</style>
</div>
<div id="MySignature" role="contentinfo">
生命在于过程, 每天一点点.<br><br>
来源:https://www.cnblogs.com/fbtop/p/11005469.html
頁:
[1]