一、编写配置文件
1. 在目录D:\usr\local\etc\elk下创建docker-compose-elk.yml文件
version: '3'
services:
elasticsearch:
image: elasticsearch:7.6.2
container_name: elasticsearch
environment:
# 设置集群名称为elasticsearch
cluster:
name=elasticsearch
# # 以单一节点模式启动
discovery:
type=single-node
# 设置使用jvm内存大小
ES_JAVA_OPTS: -Xms512m -Xmx512m
volumes:
# 插件文件挂载
- /d/usr/local/opt/elasticsearch/plugins:/usr/share/elasticsearch/plugins
# 数据文件挂载
- /d/usr/local/var/elasticsearch/data:/usr/share/elasticsearch/data
- /d/usr/local/etc/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
ports:
- 9200:9200
- 9300:9300
logstash:
image: logstash:7.6.2
container_name: logstash
volumes:
# 挂载logstash的配置文件
- /d/usr/local/etc/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml
- /d/usr/local/etc/logstash/pipeline/logstash.conf:/usr/share/logstash/pipeline/logstash.conf
depends_on:
# logstash在elasticsearch启动之后再启动
- elasticsearch
links:
# 可以用es这个域名访问elasticsearch服务
- elasticsearch:es
ports:
- 9600:9600
- 5044:5044
kibana:
image: kibana:7.6.2
container_name: kibana
links:
- elasticsearch:es
depends_on:
- elasticsearch
environment:
- "elasticsearch.hosts=http://es:9200"
ports:
- 5601:5601
2. 在目录D:\usr\local\etc\elasticsearch下创建elasticsearch.yml文件
# 使外网可连接
network.host: 0.0.0.0
# 节点名称
node.name: "ZSX"
cluster.initial_master_nodes: ["ZSX"]3. 在目录D:\usr\local\etc\logstash\config下创建logstash.yml文件
http.host: "0.0.0.0"4. 在目录D:\usr\local\etc\logstash\pipeline下创建logstash.conf文件
input {
stdin { }
tcp {
mode => "server"
host => "0.0.0.0"
# 从5044端口取日志
port => 5044
# 需要安装logstash-codec-json_lines插件
codec => json_lines
}
}
output {
elasticsearch {
hosts => ["192.168.1.110:9200"]
index => "logstash-%{+YYYY.MM.dd}"
}
stdout { codec => rubydebug }
}二、启动EKL容器
1. 在目录D:\usr\local\bin\start下编写启动脚本docker-elk-up.sh(注:文本格式为Unix)
#!/bin/bash
docker-compose -f D:/usr/local/etc/elk/docker-compose-elk.yml up -d2. 打开Cygwin,切换到脚本所在目录,执行脚本
cd D:/usr/local/bin/start
./docker-elk-up.sh
3. 查看结果
docker container ls
三、给Logstash容器安装插件
1. 进入logstash容器内部
docker exec -it logstash bash2. 切换到容器bin目录下
cd /bin3. 安装插件logstash-codec-json_lines
logstash-plugin install logstash-codec-json_lines
4. 从容器内部退出并重启
exit
docker restart logstash
四、Java端编写(此处省略部分)
1. 创建Spingboot工程,引入Logstash依赖
implementation group: 'net.logstash.logback', name: 'logstash-logback-encoder', version: '6.3'2. 在resource目录下新增日志配置文件logback-spring.xml
<?xml version="1.0" encoding="UTF-8"?>
<!--该日志将日志级别不同的log信息保存到不同的文件中 -->
<configuration>
<include resource="org/springframework/boot/logging/logback/defaults.xml" />
<springProperty scope="context" name="springAppName" source="spring.application.name" />
<!-- 日志在工程中的输出位置 -->
<property name="LOG_FILE" value="${BUILD_FOLDER:-build}/${springAppName}" />
<!-- 控制台的日志输出样式 -->
<property name="CONSOLE_LOG_PATTERN"
value="%clr(%d{yyyy-MM-dd HH:mm:ss.SSS}){faint} %clr(${LOG_LEVEL_PATTERN:-%5p}) %clr(${PID:- }){magenta} %clr(---){faint} %clr([%15.15t]){faint} %m%n${LOG_EXCEPTION_CONVERSION_WORD:-%wEx}}" />
<!-- 控制台输出 -->
<appender name="console" class="ch.qos.logback.core.ConsoleAppender">
<filter class="ch.qos.logback.classic.filter.ThresholdFilter">
<level>INFO</level>
</filter>
<!-- 日志输出编码 -->
<encoder>
<pattern>${CONSOLE_LOG_PATTERN}</pattern>
<charset>utf8</charset>
</encoder>
</appender>
<!-- 为logstash输出的JSON格式的Appender -->
<appender name="logstash"
class="net.logstash.logback.app