拉取镜像
shell
docker pull logstash:7.17.7创建容器
shell
docker run -it \
--name logstash \
--privileged \
-p 5044:5044 \
-p 9600:9600 \
--network wn_docker_net \
--ip 172.18.12.72 \
-v /etc/localtime:/etc/localtime \
-d logstash:7.17.7配置容器
logstash.yml
shell
path.logs: /usr/share/logstash/logs
config.test_and_exit: false
config.reload.automatic: false
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://192.168.201.61:9200" ]使用docker cp放到容器内/usr/share/logstash/config目录下
piplelines.xml
xml
- pipeline.id: main
path.config: "/usr/share/logstash/pipeline/logstash.conf" 使用docker cp放到容器内/usr/share/logstash/config目录下
logstash.conf
yml
input {
tcp {
mode => "server"
host => "0.0.0.0"
port => 5044
codec => json_lines
}
}
filter{
}
output {
elasticsearch {
hosts => ["192.168.201.61:9200"] #elasticsearch的ip地址
index => "ssc-logs" #索引名称
}
stdout { codec => rubydebug }
}使用docker cp放到容器内/usr/share/logstash/pipeline目录下
docker restart重启容器即可