05-基于docker11步快速搭建ELK日志分析平台

1.拉取nshou/elasticsearch-kibana

    docker pull nshou/elasticsearch-kibana

2.启动es-kibana容器

    docker run -d --name es -p 9200:9200 -p 9300:9300 -p 5601:5601 -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" -e "discovery.type=single-node" --privileged=true nshou/elasticsearch-kibana:latest
测试：
    http://118.25.178.111:9200/ http://118.25.178.111:5601/

3.拉取logstash

docker pull logstash:7.1.1

4.启动logstash

docker run -it -d --name ls logstash:7.1.1

5.复制logstash容器配置文件到宿主机

docker cp ls:/usr/share/logstash/config /home

6.删除ls容器

docker stop ls;
docker rm ls

7.修改/home/config/pipelines.yml文件内容

pipeline.id: main
path.config: "/usr/share/logstash/config/logstash.conf"

8.修改/home/config/logstash.yml文件内容

http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://118.25.178.111:9200" ]

9.新建/home/config/logstash.conf文件内容

input{
        tcp {
                mode => "server"
                host => "0.0.0.0"
                port => 4567
                codec => json_lines
        }
}
output{
        elasticsearch{
                hosts=>["127.0.0.1:9200"]
                index => "tcs-%{+YYYY.MM.dd}"
                }
        stdout{codec => rubydebug}
}

9.启动配置好的logstash容器

docker run -it -v /home/config:/usr/share/logstash/config -p 4567:4567 --privileged=true --name ls logstash:7.1.1

10.需要采集的项目添加maven包

    
        net.logstash.logback
        logstash-logback-encoder
        5.1
    

11.修改logback-spring.xml配置

    logback
    
    
        
            %d{HH:mm:ss} [%thread] %-5level %logger{36} - %msg%n
        
    


    true
    
        
            applog/%d{yyyy-MM-dd}/%d{yyyy-MM-dd}.log
        
    
    
        
            %d{yyyy-MM-dd HH:mm:ss} -%msg%n
        
    



    118.25.178.111:4567 
    

​

    
    
    

​