Docker 安装Elasticsearch、Kibana、Logstash(宝塔linux)

Docker 安装Elasticsearch和Kibana(宝塔linux)

①拉镜像(版本7.17.1)
docker pull elasticsearch:7.17.1
docker pull kibana:7.17.1
docker pull logstash:7.17.1

②查看镜像
docker images

拉取成功！

③创建容器网络（docker network）
docker network create elk_network

一、elasticsearch

①启动ES

docker run -itd --name elasticsearch --net elk_network -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node"  -e ES_JAVA_OPTS="-Xms256m -Xmx512m" elasticsearch:7.17.1

②复制容器镜像文件（用于文件映射）

docker cp elasticsearch:/usr/share/elasticsearch/config/elasticsearch.yml /home/elasticsearch/config/elasticsearch.yml
docker cp elasticsearch:/usr/share/elasticsearch/plugins /home/elasticsearch/plugins
docker cp elasticsearch:/usr/share/elasticsearch/data /home/elasticsearch/data
docker cp elasticsearch:/usr/share/elasticsearch/logs /home/elasticsearch/logs

③设置ES密码

配置elasticsearch.yml

xpack.security.enabled: true
xpack.security.audit.enabled: true
xpack.license.self_generated.type: basic
xpack.security.transport.ssl.enabled: true

④重启ES（注意选择创建的网络，elk要在同一网络！）

docker run -itd --name elasticsearch --net elk_network -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms256m -Xmx512m" -v /home/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -v /home/elasticsearch/plugins:/usr/share/elasticsearch/plugins -v /home/elasticsearch/data:/usr/share/elasticsearch/data -v /home/elasticsearch/logs:/usr/share/elasticsearch/logs elasticsearch

⑤在elasticsearch/bin下运行，输入密码（默认看不见）

./elasticsearch-setup-passwords  interactive

如下修改成功

二、kibana

①启动kibana

docker run -d --name kibana --net elk_network -p 5601:5601 -e "ELASTICSEARCH_HOSTS=http://[elasticsearch启动ip地址]:9200" kibana:7.17.1

②复制容器镜像文件（用于文件映射）

docker cp kibana:/usr/share/kibana/config/kibana.yml /home/kibana/config/kibana.yml

③配置kibana.yml（添加es账号密码）

elasticsearch.username: "elastic"
elasticsearch.password: [es密码]

④重启kibana

docker run -d --name kibana --net elk_network -p 5601:5601 -e "ELASTICSEARCH_HOSTS=http://[elasticsearch启动ip地址]:9200" -v /home/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml kibana:7.17.1

三、logstash

①启动logstash

docker run -itd --name logstash --net elk_network -p 5044:5044 logstash:7.17.1

②复制容器镜像文件（用于文件映射）

docker cp logstash:/usr/share/logstash/config/logstash.yml /home/logstash/logstash.yml
docker cp logstash:/usr/share/logstash/pipeline/logstash.conf  /home/logstash/logstash.conf

③配置logstash.yml（添加es账号密码）

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: "elastic"
xpack.monitoring.elasticsearch.password: [es账号密码]

④配置logstash.conf （消费kafka数据到es，个人需求）

input {
    kafka{
        bootstrap_servers => ["[kafkaIP]:9092"]
        auto_offset_reset => "latest"
        consumer_threads => 1
        decorate_events => "true"
        topics => ["test"]
        type => "kafka-to-elasticsearch"
        tags => ["test"]
        codec => json
     }
}

filter {
	prune {
		whitelist_names => []
		blacklist_names  => []
	}	
}	

output {
    stdout {  
    	codec => rubydebug
    }
    elasticsearch {
    	hosts => ["[esIP]:9200"]
    	index => "%{[@metadata][kafka][topic]}"
    	user => "elastic"
    	password => "[es密码]"
    }
}

④重启logstash

docker run -itd --name logstash --net elk_network -p 5044:5044 -e "ELASTICSEARCH_HOSTS=http://106.12.159.165:9200" -v /home/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml -v /home/logstash/pipeline/logstash.conf:/usr/share/logstash/pipeline/logstash.conf logstash:7.17.1

四、测试

通过IP:端口访问elasticsearch（9200）和kibana（5601）

出现如上信息表示，elasticsearch启动成功

出现如上信息表示，kibana启动成功

出现如上信息表示，logstash启动成功

参考
Elasticsearch7.8 创建用户
Logstash——Logstash过滤器（filter）对数据流量进行控制
Logstash消费kafka同步数据到Elasticsearch
感谢大佬！