手把手教你使用docker一键搭建elk日志系统(含源码)
准备镜像
此处使用 组件:
- elasticsearch:7.6.2
- kibana:7.6.2
- logstash:7.6.2
使用docker 下载镜像
# 下载elasticsearch镜像
docker pull elasticsearch:7.6.2
# 下载kibana镜像
docker pull kibana:7.6.2
# 下载logstash镜像
docker pull logstash:7.6.2
编写配置文件
创建一个elk的文件夹,并进入(将elk的文件 都整理到这一个文件夹中 方便管理)
elasticsearch配置文件编写:elk/elasticsearch/config/elasticsearch.yml
---
## Default Elasticsearch configuration from Elasticsearch base image.
## https://github.com/elastic/elasticsearch/blob/master/distribution/docker/src/docker/config/elasticsearch.yml
#
cluster:
name: "docker-cluster"
network:
host: 0.0.0.0
## X-Pack settings
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/setup-xpack.html
#
xpack:
license:
self_generated.type: basic
security:
enabled: true
monitoring:
collection:
enabled: true
kibana 配置文件编写:elk/kibana/config/kibana.yml
## Default Kibana configuration from Kibana base image.
## https://github.com/elastic/kibana/blob/master/src/dev/build/tasks/os_packages/docker_generator/templates/kibana_yml.template.js
#
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true
## X-Pack security credentials
#
elasticsearch.username: elastic
elasticsearch.password: 123456es
# 开启中文模式/英文 en
i18n.locale: "zh-CN"
logstash配置文件编写:
elk/logstash/config/logstash.yml
## Default Logstash configuration from Logstash base image.
## https://github.com/elastic/logstash/blob/master/docker/data/logstash/config/logstash-full.yml
#
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]
## X-Pack security credentials
#
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: 123456es
elk/logstash/pipeline/logstash.conf
input {
tcp {
port => 5000
codec => json_lines
}
}
## Add your filters / logstash plugins configuration here
output {
elasticsearch {
hosts => "elasticsearch:9200"
user => "elastic"
password => "123456es"
index => "beauty-log-%{+YYYY.MM.dd}"
}
}
创建elk 容器
-
编写 doker-compose.yml 配置文件
version: '3.2' services: elasticsearch: image: elasticsearch:7.6.2 container_name: elk-es volumes: - type: bind source: ./elasticsearch/config/elasticsearch.yml target: /usr/share/elasticsearch/config/elasticsearch.yml read_only: true # - type: volume # source: elasticsearch # target: /usr/share/elasticsearch/data - "./elasticsearch/data:/usr/share/elasticsearch/data" ports: - "9200:9200" - "9300:9300" environment: ES_JAVA_OPTS: "-Xmx256m -Xms256m" ELASTIC_PASSWORD: 123456es # Use single node discovery in order to disable production mode and avoid bootstrap checks # see https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html discovery.type: single-node networks: - elk logstash: image: logstash:7.6.2 container_name: elk-logstash volumes: - type: bind source: ./logstash/config/logstash.yml target: /usr/share/logstash/config/logstash.yml read_only: true - type: bind source: ./logstash/pipeline target: /usr/share/logstash/pipeline read_only: true ports: - "5000:5000/tcp" - "5000:5000/udp" - "9600:9600" environment: LS_JAVA_OPTS: "-Xmx256m -Xms256m" networks: - elk depends_on: - elasticsearch kibana: image: kibana:7.6.2 container_name: elk-kibana volumes: - type: bind source: ./kibana/config/kibana.yml target: /usr/share/kibana/config/kibana.yml read_only: true ports: - "5601:5601" networks: - elk depends_on: - elasticsearch networks: elk: driver: bridge-
一键创建 容器
docker-compose up -d
-
到此elk系统已经构建完成,访问 http://localhost:5601/ 输入配置文件的账户密码 即可查看 kibana 界面
源码地址:
https://gitee.com/twelfthLunarMonthFourteen/pub_beauty/tree/hotfix/env-build (hotfix 分支)