这是我参与8月更文挑战的第3天,活动详情查看:8月更文挑战
1.安装ES
1.1 下载ES镜像
docker pull elasticsearch:7.6.1
复制代码1.2 挂载目录
mkdir -p /usr/local/docker/elk/es/data
mkdir -p /usr/local/docker/elk/es/logs
mkdir -p /usr/local/docker/elk/es/config
chmod a+w /usr/local/docker/elk/es/data
chmod a+w /usr/local/docker/elk/es/logs
chmod a+w /usr/local/docker/elk/es/config
复制代码在/usr/local/docker/elk/es/config目录下新建elasticsearch.yml文件
cluster.name: my-application
network.host: 0.0.0.0
http.port: 9200
# 开启es跨域
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
复制代码1.3 运行ES
docker run -d --name elasticsearch \
-p 9200:9200 -p 9300:9300 \
-v /usr/local/docker/elk/es/data:/usr/share/elasticsearch/data \
-v /usr/local/docker/elk/es/logs:/usr/share/elasticsearch/logs \
-v /usr/local/docker/elk/es/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-e "discovery.type=single-node" \
elasticsearch:7.6.1
复制代码进入elasticsearch容器 运行以下命令
进入容器
docker exec -it elasticsearch /bin/bash
复制代码设置密码 按y确认后即可设置密码
elasticsearch-setup-passwords interactive
复制代码访问ES 输入刚刚设置elastic用户的密码即可访问
2. 安装Kibana
2.1 下载Kibana镜像
docker pull kibana:7.6.1
复制代码2.2 挂载目录
mkdir -p /usr/local/docker/elk/kibana/config
chmod a+w /usr/local/docker/elk/kibana/config
复制代码在/usr/local/docker/elk/kibana/config目录新建 kibana.yml文件
server.host: 0.0.0.0
server.port: 5601
elasticsearch.hosts: ["http://192.168.0.103:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "123456"
# 设置kibana为中文
#i18n.locale: "en"
#i18n.locale: "zh-CN"
复制代码2.3 运行Kibana
docker run -d --name kibana \
-p 5601:5601 \
-v /usr/local/docker/elk/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml \
kibana:7.6.1
复制代码访问kibana 使用elastic用户访问
3.安装Logstash
3.1 下载Logstash镜像
docker pull logstash:7.6.1
复制代码3.2 挂载目录
mkdir -p /usr/local/docker/elk/logstash/config
chmod a+w /usr/local/docker/elk/logstash/config
复制代码在/usr/local/docker/elk/logstash/config目录下新建logstash.conf文件
input {
beats {
port => 5044
}
}
filter {
grok{
match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{JAVALOGMESSAGE:msg}" }
}
date {
match => ["timestamp","yyyy-MM-dd HH:mm:ss,SSS","ISO8601"]
target => "@timestamp"
}
}
output {
if "ERROR" in [message]{
elasticsearch {
hosts => ["192.168.0.103:9200"]
index => "open-web-error"
template_overwrite => true
}
}else {
elasticsearch {
hosts => ["192.168.0.103:9200"]
index => "open-web"
template_overwrite => true
}
}
}
复制代码我这里是使用filebeta作为logstash的输入源 根据日志的level级别 输出到ES的不同索引当中
在/usr/local/docker/elk/logstash/config目录下新建logstash.yml文件
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: "123456"
xpack.monitoring.elasticsearch.hosts: ["http://192.168.0.103:9200"]
复制代码3.3 运行logstash
docker run -it -d -p 4560:4560 -p 5044:5044 --name logstash \
-v /usr/local/docker/elk/logstash/config/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \
-v /usr/local/docker/elk/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml \
logstash:7.6.1
复制代码4. 下载Filebeat
我在本地启动filebeat 用来监听SpringBoot项目的日志文件 然后发送到logstash 进行解析后 存储到ES中
选择对应的产品和版本号进行下载
4.1 配置filebeat.yml文件
配合监听日志文件的位置
配置logstash地址
4.2 启动Filebeat
.\filebeat.exe -e -c .\filebeat.yml
复制代码启动SpringBoot项目 产生日志文件
5. 进入Kibana查看日志信息
点击 Management
点击 Index Patterns 然后点击 Create Index Pattern
选择需要查看的索引 点击 Next Step
选择完毕后 点击 Create Index Pattern
查看日志信息 可在搜索栏进行相关字段的搜索
这里的时间格式看不习惯的话 是可以设置的
具体设置可以查看
近期评论