创建elk网络
# User-defined bridge network shared by the three containers; on it they can reach
# each other by container name (e.g. http://elasticsearch:9200).
docker network create --driver bridge elk
elasticsearch
创建目录
# Host directories that are bind-mounted into the Elasticsearch container.
mkdir -p \
  /data/elasticsearch/conf \
  /data/elasticsearch/logs \
  /data/elasticsearch/data \
  /data/elasticsearch/plugins
# Create the node configuration; its contents are the settings listed right after this command.
vim /data/elasticsearch/conf/elasticsearch.yml
# Name of the cluster this node belongs to.
cluster.name: "es-cluster"
# Listen on every interface inside the container; combined with the published 9200/9300
# ports, the node is reachable from any network the Docker host is attached to.
network.host: 0.0.0.0
# Turn on authentication and authorization (passwords for the built-in users are set later).
xpack.security.enabled: true
# Enable TLS on the transport layer (port 9300).
# NOTE(review): no certificate/keystore settings are shown, and no xpack.security.http.ssl.*
# settings either, so credentials sent to port 9200 travel unencrypted — confirm this is acceptable.
xpack.security.transport.ssl.enabled: true
# NOTE(review): "*" allows any web origin to make cross-origin requests to the REST API.
# List only the origins that need it, or disable CORS if no browser-based tool calls 9200.
http.cors.allow-origin: "*"
http.cors.enabled: true
权限更改
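# Hand the bind-mounted paths to the identity the container runs as, rather than making
# them world-writable: mode 666/777 lets every local account on the host rewrite the node
# configuration and the index data.
# NOTE(review): the official image is expected to run as uid 1000 / gid 0; confirm with
#   docker run --rm --entrypoint id elasticsearch:7.17.7
chown 1000:0 /data/elasticsearch/conf/elasticsearch.yml
chmod 640 /data/elasticsearch/conf/elasticsearch.yml
chown -R 1000:0 /data/elasticsearch/data
# Capital X sets the search bit on directories only, so data files do not become executable.
chmod -R u=rwX,g=rwX,o= /data/elasticsearch/data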
启动
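# Start a single-node Elasticsearch 7.17.7 container on the "elk" network.
# - No --privileged: Elasticsearch needs neither extra kernel capabilities nor host devices,
#   and a privileged container gives a compromised service a direct path to the host.
# - elasticsearch.yml and /etc/localtime are mounted read-only so the container cannot alter them.
# - 9200 (HTTP) and 9300 (transport) are published on every host interface; limit them with a
#   host firewall, or prefix the mapping with a specific host IP, if only some peers need access.
# NOTE(review): /data/logs is not a path Elasticsearch writes to by default; unless path.logs
# points there, the logs mount presumably stays empty — confirm.
docker run \
  --name elasticsearch \
  --restart=always --net elk \
  -p 9200:9200 -p 9300:9300 \
  -v /data/elasticsearch/data:/usr/share/elasticsearch/data \
  -v /data/elasticsearch/conf/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro \
  -v /data/elasticsearch/logs:/data/logs \
  -v /data/elasticsearch/plugins:/usr/share/elasticsearch/plugins \
  -v /etc/localtime:/etc/localtime:ro \
  -e ES_JAVA_OPTS="-Xms12g -Xmx12g" \
  -e "discovery.type=single-node" \
  -d elasticsearch:7.17.7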
设置密码
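# Set the passwords of the built-in users. The tool is invoked directly through docker exec,
# so no step runs on the host by mistake when these lines are pasted as a batch.
# It prompts for every password interactively, which keeps them out of the shell history.
docker exec -it elasticsearch \
  /usr/share/elasticsearch/bin/elasticsearch-setup-passwords interactive
# Restart the container once the passwords have been set.
docker restart elasticsearch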
涉及到的用户名
Changed password for user [apm_system]
Changed password for user [kibana_system]
Changed password for user [kibana]
Changed password for user [logstash_system]
Changed password for user [beats_system]
Changed password for user [remote_monitoring_user]
Changed password for user [elastic]
验证
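# Check that authentication works. Only the user name is passed, so curl prompts for the
# password instead of leaving it in the shell history and the process list.
curl -u elastic http://127.0.0.1:9200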
es 地址
http://ip:9200
kibana
启动一个服务
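# Throwaway container, used only to copy the default kibana.yml out of the image.
# No port is published (-P dropped): nothing needs to reach this instance, and it is
# removed again before the real container is started.
docker run -d --name kibana --net elk \
  -e "ELASTICSEARCH_HOSTS=http://elasticsearch:9200" \
  -e "I18N_LOCALE=zh-CN" \
  kibana:7.17.7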
创建目录
# Host directories that are bind-mounted into the Kibana container.
mkdir -p \
  /data/kibana/conf \
  /data/kibana/logs \
  /data/kibana/data \
  /data/kibana/plugins
拷贝文件
# Use the image's default kibana.yml from the temporary container as the starting point.
docker cp \
  kibana:/usr/share/kibana/config/kibana.yml \
  /data/kibana/conf/kibana.yml
修改配置文件
# Edit the copied file so that it contains the settings listed right after this command.
vim /data/kibana/conf/kibana.yml
# Listen on every interface inside the container (5601 is published by the docker run command).
server.host: "0.0.0.0"
server.shutdownTimeout: "5s"
# NOTE(review): plain http:// — the kibana_system credentials cross the elk network unencrypted.
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
elasticsearch.username: "kibana_system"
# NOTE(review): the password is stored in clear text in this file. Keep the file readable only
# by the Kibana user, or store the value with `kibana-keystore add elasticsearch.password`.
elasticsearch.password: "密码"
monitoring.ui.container.elasticsearch.enabled: true
# UI language: Simplified Chinese.
i18n.locale: zh-CN
权限更改
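# Give the paths to the uid the Kibana container runs as instead of opening them to every
# local account. kibana.yml holds the kibana_system password, so only its owner may read it.
# NOTE(review): the official image is expected to run as uid 1000; confirm with
#   docker run --rm --entrypoint id kibana:7.17.7
chown 1000 /data/kibana/data
chmod 700 /data/kibana/data
chown 1000 /data/kibana/conf/kibana.yml
chmod 600 /data/kibana/conf/kibana.yml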
删除容器
# Remove the temporary container (stopping it if it is still running) so the name is free again.
docker rm --force kibana
启动
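# Start Kibana 7.17.7 on the "elk" network with the edited configuration.
# kibana.yml contains the kibana_system password and is mounted read-only, so the
# container cannot modify it.
# 5601 is published on every host interface, and no server.ssl.* settings are shown, so the
# UI is presumably served over plain HTTP; put it behind a firewall or a TLS-terminating
# proxy if untrusted networks can reach the host.
docker run -d --name kibana --restart=always --net elk -p 5601:5601 \
  -v /data/kibana/conf/kibana.yml:/usr/share/kibana/config/kibana.yml:ro \
  -v /data/kibana/data:/usr/share/kibana/data \
  -v /data/kibana/plugins:/usr/share/kibana/plugins \
  -v /data/kibana/logs:/usr/share/kibana/logs \
  kibana:7.17.7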
kibana 地址
http://ip:5601
logstash
启动一个服务
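# Throwaway container, used only to copy the default config, data and pipeline directories
# out of the image. No port is published (-P dropped) because nothing needs to reach it.
# NOTE(review): Logstash is 7.17.12 while Elasticsearch and Kibana are 7.17.7 — confirm the
# patch-level difference is intentional.
docker run -d --name logstash --net elk docker.elastic.co/logstash/logstash:7.17.12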
创建目录
# Host directories that are bind-mounted into the Logstash container.
mkdir -p \
  /data/logstash/conf \
  /data/logstash/data \
  /data/logstash/pipeline
拷贝文件
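# Copy the *contents* of each directory out of the temporary container.
# The destination directories already exist, so a source path without the trailing "/."
# would be copied as a nested directory (e.g. /data/logstash/conf/config/), and the later
# bind mounts would then miss the default files such as jvm.options.
docker cp logstash:/usr/share/logstash/config/. /data/logstash/conf/
docker cp logstash:/usr/share/logstash/data/. /data/logstash/data/
docker cp logstash:/usr/share/logstash/pipeline/. /data/logstash/pipeline/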
修改配置文件
# Edit the Logstash settings file so that it contains the two settings listed right after this command.
vim /data/logstash/conf/logstash.yml
# Bind the Logstash HTTP API to every interface inside the container
# (9600 is published by the docker run command).
http.host: "0.0.0.0"
# NOTE(review): Elasticsearch runs with xpack.security.enabled: true, yet no
# xpack.monitoring.elasticsearch.username / .password is set here — monitoring requests will
# presumably be rejected until credentials are added; confirm.
xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]
# Create the pipeline definition; its contents are the input/output blocks listed right after this command.
vim /data/logstash/pipeline/logstash.conf
# Input: TCP listener on port 5044 that decodes newline-delimited JSON events.
# NOTE(review): the listener is bound to 0.0.0.0 and published as host port 5044 with no TLS
# or client authentication configured, so any host that can reach the port can submit events.
# Restrict it by firewall or enable the tcp input's ssl_* options; confirm the exposure is intended.
input {
tcp {
mode => "server"
host => "0.0.0.0"
port => 5044
codec => json_lines
}
}
# Output: only events whose [appindex] field matches the pattern are sent to Elasticsearch;
# no output is configured for events that do not match.
output {
if [appindex] =~ "xxx"
{
elasticsearch {
hosts => ["http://elasticsearch:9200"]
# One index per day, named from the event timestamp.
index => "log-%{+YYYY.MM.dd}"
# NOTE(review): logstash_system is the built-in account intended for monitoring data; it is
# presumably not allowed to create or write log-* indices. Use a dedicated user whose role
# grants create_index/write on log-* — confirm against the cluster's roles.
user => "logstash_system"
# NOTE(review): clear-text password in the pipeline file; consider storing it with
# logstash-keystore and referencing it as ${KEY_NAME} here.
password => "密码"
}
}
}
权限更改
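# Give the bind-mounted trees to the uid the Logstash container runs as, and close them to
# everyone else; the pipeline directory is included because logstash.conf holds a password.
# A recursive 666 would also strip the search (x) bit from the directories themselves, which
# stops any non-root process from opening the files inside; capital X keeps that bit on
# directories without making regular files executable.
# NOTE(review): the official image is expected to run as uid 1000; confirm with
#   docker run --rm --entrypoint id docker.elastic.co/logstash/logstash:7.17.12
chown -R 1000 /data/logstash/data/ /data/logstash/conf/ /data/logstash/pipeline/
chmod -R u=rwX,go= /data/logstash/data/ /data/logstash/conf/ /data/logstash/pipeline/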
删除容器
# Remove the temporary container (stopping it if it is still running) so the name is free again.
docker rm --force logstash
启动
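# Start Logstash 7.17.12 on the "elk" network with the edited settings and pipeline.
# - No --privileged: Logstash only reads its configuration and opens TCP sockets, and a
#   privileged container gives a compromised service a direct path to the host.
# - The pipeline directory is mounted read-only; it contains the Elasticsearch password.
# - 5044 (event intake) and 9600 (HTTP API) are published on every host interface; limit
#   them with a host firewall, or prefix the mappings with a specific host IP, so that only
#   the intended log shippers and administrators can connect.
docker run -d --name logstash --net elk \
  -p 5044:5044 -p 9600:9600 \
  -v /data/logstash/data/:/usr/share/logstash/data \
  -v /data/logstash/conf/:/usr/share/logstash/config \
  -v /data/logstash/pipeline/:/usr/share/logstash/pipeline:ro \
  docker.elastic.co/logstash/logstash:7.17.12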
logstash 收集地址
ip:5044