docker搭建EFK(filebeat)收集docker日志,展示到kibana

es部署命令

sudo docker run --name elasticsearch6 -p 15592:9200  -p 15593:9300 
-e "discovery.type=single-node" 
-e ES_JAVA_OPTS="-Xms512m -Xmx512m" 
-v /home/data/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml 
-v /home/data/elasticsearch/data:/usr/share/elasticsearch/data 
-v /home/data/elasticsearch/plugins:/usr/share/elasticsearch/plugins 
-d elasticsearch:7.6.2

es挂载的elasticsearch.yml文件在/home/data/elasticsearch/config/目录下


http.host: 0.0.0.0
transport.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.zen.fd.ping_timeout: 1000s
discovery.zen.fd.ping_retries: 10
xpack.security.enabled: true
http.cors.allow-methods: OPTIONS,HEAD,GET,POST,PUT,DELETE
http.cors.allow-headers: Content-Type,Accept,Authorization,x-requested-with

kibana部署

部署命令

docker run -d 
--name Kibana 
-p 56610:5601 
-m 1024m 
-e TZ=Asia/Shanghai 
--restart=always 
-v /home/data/kibana/config:/opt/kibana/config/ 
kibana:7.6.2

挂载的kibana.yaml文件在/home/data/kibana/config/目录下

server.name: kibana
server.host: "0"
elasticsearch.hosts: [ "http://10.10.70.8:15592" ]
xpack.monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.username: "elastic"
elasticsearch.password: "Admin2022"
i18n.locale: "zh-CN"

filebeat部署

部署命令

docker run -d 
--name filebeat 
--user root 
--log-driver json-file 
--log-opt max-size=10m 
--log-opt max-file=3 
--restart=always 
-v /home/data/firebeat/config/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro 
-v /home/data/docker/containers/:/var/lib/docker/containers/ 
-v /var/run/docker.sock:/var/run/docker.sock:ro 
docker.elastic.co/beats/filebeat:7.6.2

挂载的配置文件filebeat.yaml在/home/data/firebeat/config/目录下

filebeat.config:
modules:
path: ${path.config}/modules.d/*.yml
reload.enabled: false
processors:
add_cloud_metadata: ~
add_docker_metadata: ~
filebeat.inputs:
type: docker
containers:
path: "/var/lib/docker/containers"
json.keys_under_root: true
ids:
- "*"
output.elasticsearch:
hosts: '10.10.70.8:15592'
username: 'elastic'
password: 'Admin2022'
setup.kibana:
host: "10.10.70.8:56610"

收集docker的日志按照日期和容器名存储到es,通过kibana展示

docker搭建EFK(filebeat)收集docker日志,展示到kibana_第1张图片

 

 

你可能感兴趣的:(docker,elasticsearch,搜索引擎)