Getting Started with an ELK Setup
The setup is broken into six steps:
1. Install, configure and start Elasticsearch
2. Install and configure Logstash; in this walkthrough it tails a log file and feeds the lines into ES
3. Start Logstash
4. Create the index in ES
5. Run a Java test class that writes to the log file
6. Start Kibana and add an index pattern
The key part is the Logstash startup command and its configuration, which has to satisfy four requirements:
1. To make debugging easy, the configuration file Logstash reads must live in a Windows 10 directory, so it can be edited and Logstash restarted quickly.
2. The log file named in that configuration must also live in a Windows 10 directory.
3. The Windows 10 directory has to be shared into the Docker (docker-machine) VM.
4. The Docker VM directory has to be mounted into the container.
Installing and configuring Elasticsearch with Docker:
Pull the image:
docker pull elasticsearch:6.5.4
Raise the kernel parameter Elasticsearch requires (run inside the docker-machine VM):
docker-machine ssh
sudo sysctl -w vm.max_map_count=262144
Run:
docker run --name elasticsearch -d -e ES_JAVA_OPTS="-Xms512m -Xmx512m" -p 9200:9200 -p 9300:9300 elasticsearch:6.5.4
Installing and configuring Logstash with Docker (logstash.conf):
input {
  file {
    path => "/usr/share/logstash/pipeline/log_info.log"
    start_position => "beginning"
    type => "probe_log"
  }
}
#filter {
#  grok {
#    match => { "message" => "%{SYSLOGBASE} %{DATA:message}" }
#    overwrite => [ "message" ]
#  }
#}
output {
  elasticsearch {
    hosts => ["http://192.168.99.101:9200"]
    index => "info_index"
    document_type => "index1"
  }
  stdout { codec => json_lines }
}
3. Start Logstash
docker run -d -v /logInfo/:/usr/share/logstash/pipeline/ --name logstash logstash:6.5.4 -f /usr/share/logstash/pipeline/logstash.conf
Note: -v /logInfo/:/usr/share/logstash/pipeline/ mounts the Docker VM directory /logInfo/ at /usr/share/logstash/pipeline/ inside the container, so whatever the container reads from /usr/share/logstash/pipeline/ is really /logInfo/ outside it. Both logstash.conf and log_info.log therefore need to sit in /logInfo/.
4. Create the index in ES
http://192.168.99.101:9200/info_index/index1?pretty
{
  "mappings": {
    "docs": {
      "_source": {
        "excludes": [
          "query_content"
        ]
      },
      "properties": {
        "legalbasis": {
          "enabled": false
        },
        "query_content": {
          "doc_values": false,
          "search_analyzer": "ik_smart",
          "type": "text",
          "analyzer": "ik_smart"
        },
        "updatetime": {
          "enabled": false
        },
        "openlaw_seq": {
          "enabled": false
        },
        "url": {
          "enabled": false
        },
        "doctype": {
          "enabled": false
        },
        "modify_time": {
          "type": "date",
          "format": "yyyy-MM-dd HH:mm:ss||yyyy-MM-dd||epoch_millis"
        },
        "fact": {
          "enabled": false
        }
      }
    }
  },
  "settings": {
    "index": {
      "number_of_replicas": "0",
      "number_of_shards": "6",
      "refresh_interval": "10s",
      "translog": {
        "durability": "async",
        "flush_threshold_size": "1g"
      }
    }
  }
}
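Steps 2 to 4 have to agree with each other: the file path in logstash.conf must fall under the -v mount target of the docker run command, and the index name and document type in the elasticsearch output must match the index the mapping creates. The following added check (my own code, not part of the original post) runs over constructed copies of this page's values and reports any mismatch; with the values as written it flags that the mapping type is "docs" while Logstash sends document_type "index1", which Elasticsearch 6.x rejects because an index holds a single mapping type.

```python
import re

# Constructed copies of the page's pieces (trimmed) so the check runs offline,
# with no Elasticsearch or Logstash instance needed.
DOCKER_RUN = ("docker run -d -v /logInfo/:/usr/share/logstash/pipeline/ --name logstash "
              "logstash:6.5.4 -f /usr/share/logstash/pipeline/logstash.conf")
LOGSTASH_CONF = """
input{ file{ path => "/usr/share/logstash/pipeline/log_info.log" type => "probe_log" } }
output{
  elasticsearch{
    hosts => ["http://192.168.99.101:9200"]
    index => "info_index"
    document_type => "index1"
  }
}
"""
INDEX_BODY = {"mappings": {"docs": {"properties": {"modify_time": {"type": "date"}}}}}


def _plugin_block(conf, name):
    # Body of the first `name{ ... }` block; the blocks on this page have no nested braces.
    m = re.search(rf"\b{name}\s*{{(.*?)}}", conf, re.S)
    return m.group(1) if m else ""


def _setting(block, key):
    # Value of `key => "value"` inside a plugin block (a regex, not a full Logstash parser).
    m = re.search(rf'\b{key}\s*=>\s*"([^"]*)"', block)
    return m.group(1) if m else None


def mount_targets(docker_cmd):
    # Container-side path of every -v host:container mount on the command line.
    return [target for _, target in re.findall(r"-v\s+(\S+?):(\S+)", docker_cmd)]


def check_pipeline(docker_cmd, conf, index_body, index_name):
    findings = []
    log_path = _setting(_plugin_block(conf, "file"), "path") or ""
    if not any(log_path.startswith(t) for t in mount_targets(docker_cmd)):
        findings.append(f"log path {log_path!r} is not under any -v mount target; Logstash will never see the file")
    out = _plugin_block(conf, "elasticsearch")
    if _setting(out, "index") != index_name:
        findings.append(f"Logstash writes to index {_setting(out, 'index')!r} but the index created is {index_name!r}")
    doc_type, types = _setting(out, "document_type"), list(index_body.get("mappings", {}))
    if doc_type and doc_type not in types:
        findings.append(f"document_type {doc_type!r} is not the mapping type {types}; ES 6.x allows one type per index, so writes are rejected")
    return findings


if __name__ == "__main__":
    for finding in check_pipeline(DOCKER_RUN, LOGSTASH_CONF, INDEX_BODY, "info_index"):
        print("FINDING:", finding)
```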
5. Run the Java test class that writes to the log file
import org.apache.logging.log4j.LogManager;
import org.apache.logging.log4j.Logger;
import org.junit.Test;

public class WebApplicationTests {
    @Test
    public void testLog4j() {
        // Assumes Log4j 2 is configured with a file appender pointing at log_info.log in the shared directory
        Logger logger = LogManager.getLogger(WebApplicationTests.class);
        logger.debug("this is debug");
        logger.info("this is info");
        logger.error("this is error");
    }
}
6. Start Kibana and add an index pattern
Pull Kibana:
docker pull kibana:6.5.4
Run:
docker run --name kibana --link e9d09f735b02:elasticsearch -p 5602:5602 -p 5601:5601 -d kibana:6.5.4
Here e9d09f735b02 is the ID of the Elasticsearch container started above; substitute your own ID, or link by the container name (--link elasticsearch:elasticsearch) since the container was named. Then open Kibana on port 5601 and add an index pattern matching info_index.