ELK日志采集

一、安装准备工作

1.安装es

docker pull elasticsearch:7.6.2

docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms64m -Xmx512m" --name es elasticsearch:7.6.2

2.安装kibana

docker pull kibana:7.6.2

docker run --name kibana -e ELASTICSEARCH_URL=http://127.0.0.1:9200 -p 5601:5601 -d kibana:7.6.2

#需要更改配置文件的es信息
docker exec -it kibana /bin/bash

bash-4.2$ pwd
/usr/share/kibana/config
bash-4.2$ vi kibana.yml

• 进入kibana.yml 将elasticsearch.hosts: [ “http://106.52.237.244:9200” ] 中的地址改为你的es地址

#
# ** THIS IS AN AUTO-GENERATED FILE **
#

# Default Kibana configuration for docker target
server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://106.52.237.244:9200" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true

• 重启kibana

docker restart kibana

3.安装logstash

docker pull logstash:7.6.2

docker run -d -p 9600:9600 --name logstash logstash:7.6.2

docker exec -it logstash /bin/bash


# 需要更改配置文件的es信息
bash-4.2$ pwd
/usr/share/logstash/config
bash-4.2$ ls
jvm.options  log4j2.properties	logstash-sample.conf  logstash.yml  pipelines.yml  startup.options
bash-4.2$ cat logstash-sample.conf 
# Sample Logstash configuration for creating a simple
# Beats -> Logstash -> Elasticsearch pipeline.

input {
  beats {
    port => 5044
  }
}

output {
  elasticsearch {
  # 改为你的es地址
    hosts => ["http://106.52.237.244:9200"]
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    #user => "elastic"
    #password => "changeme"
  }
}
bash-4.2$ cat logstash.yml 
http.host: "0.0.0.0"
# 改为你的es地址
xpack.monitoring.elasticsearch.hosts: [ "http://106.52.237.244:9200" ]
bash-4.2$