docker logstash

下载docker镜像

docker pull docker.elastic.co/logstash/logstash:6.6.2

创建文件夹 (用于容器文件的挂载)

mkdir /opt/sns/logstash/config

创建相关配置文件

将以下文件放到/opt/sns/logstash/config下

logstash.yml (空文件就行)

log4j2.properties

logger.elasticsearchoutput.name = logstash.outputs.elasticsearch
logger.elasticsearchoutput.level = debug

pipelines.yml(那个小杠杠很重要)

- pipeline.id: my-logstash
  path.config: "/usr/share/logstash/config/*.conf"
  pipeline.workers: 3

*.conf 文件

input {
    jdbc {
      jdbc_connection_string => "jdbc:mysql://***.***.***.***:3306/***?useUnicode=true&characterEncoding=utf-8&autoReconnect=true&failOverReadOnly=false&serverTimezone=GMT%2B8"
      jdbc_user => "****"
      jdbc_password => "*****"
      jdbc_driver_library => "/usr/share/logstash/config/mysql-connector-java.jar"
      jdbc_driver_class => "com.mysql.jdbc.Driver"
      jdbc_paging_enabled => "true"
      jdbc_page_size => "5000"

      use_column_value => true
      tracking_column => "sid"
      record_last_run => true
	  lowercase_column_names => "false"
      last_run_metadata_path => "/usr/share/logstash/config/*****_last.txt"
      

      statement => "select *
					from **** table
					where table.sid > :sql_last_value
					ORDER BY table.sid"
      schedule => "* * * * *"
      type => "TYPE_NAME"
    }
}

output {
    
    if[type] == "TYPE_NAME"{
        elasticsearch {
      		hosts => ["***.***.***.***:9200"]
      		index => "***"
      		document_type => "TYPE_NAME"
      		document_id => "%{sid}"
   			}   
    }
	
}

如果conf文件中如上需要使用连接数据库的话,需要jdbc包。
可以将jdbc包放在挂载的/opt/sns/logstash/config下

创建并启动容器

docker run -d --name logstash --network host --restart=always -it -v /opt/sns/logstash/config:/usr/share/logstash/config  docker.elastic.co/logstash/logstash:6.6.2

你可能感兴趣的:(docker,logstash,elk)