简单的ELK搭建

一、安装 Elasticsearch

未做目录挂载
docker run  -d -p 9200:9200 -p 9300:9300  --name es0  -e "discovery.type=single-node"  elasticsearch:6.7.1


做了目录挂载
docker run  -d -p 9200:9200 -p 9300:9300 -v /Users/admin/Documents/ES/config/es1.yml:/usr/share/elasticsearch/config/elasticsearch.yml --name es00 elasticsearch:6.7.1

访问测试

如果用es_head连接不上，则加入：

http.cors.enabled: true
http.cors.allow-origin: "*"

二、安装Kibaba

docker run  -d -p 5601:5601 --name es_kibana  kibana:6.7.1

进入到容器内部:docker exec -it kibana /bin/bash
找到kibana的配置文件:/usr/share/kibana/config/kibana.yml
修改配置文件,因为要绕过x-pack的安全检查

# ** THIS IS AN AUTO-GENERATED FILE **
#

# Default Kibana configuration for docker target
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://192.168.3.28:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: false

重启容器: docker restart es_kibana
查看日志：docker logs -f es_kibana

如果出现如下问题：

{"type":"log","@timestamp":"2020-07-23T06:26:05Z","tags":["warning","elasticsearch","admin"],"pid":1,"message":"No living connections"}
{"type":"log","@timestamp":"2020-07-23T06:26:05Z","tags":["warning","elasticsearch","admin"],"pid":1,"message":"Unable to revive connection: http://localhost:9200/"}

解决方案：

注意：elasticsearch.url，需要写IP地址

正常启动显示：

浏览器访问效果：

三、安装Logstash

docker run  -d -p 5044:5044 --name es_logstash  logstash:6.7.1

进入容器: docker exec -it es_logstash /bin/bash

找到文件: /usr/share/logstash/pipeline

修改配置文件logstash.conf

input {
    tcp {
        port => 5044
        codec => json_lines
    }
}

output{
    elasticsearch {
        hosts => ["192.168.3.28:9200"]
        action => "index"
        index => "%{[appname]}"
    }
  stdout { codec => rubydebug }
}

重启容器: docker restart es_logstash
查看日志： docker logs -f es_logstash

后记：

1. --link的解析说明

网站地址:https://www.jianshu.com/p/21d66ca6115e