docker-compose部署ELK日志分析

  • 安装docker及docker-compose
  • 新建相关文件夹

# Host directories that docker-compose.yml bind-mounts into the containers
mkdir -p \
  /devdata/elk/elasticsearch/plugins \
  /devdata/elk/elasticsearch/data \
  /devdata/elk/logstash/

  • 配置docker-compose.yml
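# ELK stack (Elasticsearch, Kibana, Logstash 7.13.3) on one user-defined network.
# NOTE(review): no xpack.security or TLS settings appear in this file, so every
# port published below is presumably reachable without authentication. Limit
# them with a host firewall, or bind them to one host address with the
# "HOST_IP:HOST_PORT:CONTAINER_PORT" form (e.g. "127.0.0.1:9200:9200"), before
# the host is reachable from an untrusted network.
version: '2'
services:
  elasticsearch:
    image: elasticsearch:7.13.3
    container_name: elk_elasticsearch
    environment:
      - "discovery.type=single-node"
      - "ES_JAVA_OPTS=-Xms512m -Xmx1024m"
    volumes:
      - /devdata/elk/elasticsearch/plugins:/usr/share/elasticsearch/plugins
      - /devdata/elk/elasticsearch/data:/usr/share/elasticsearch/data
    ports:
      # Port pairs are quoted so no YAML parser can retype HOST:CONTAINER.
      # Kibana and Logstash reach Elasticsearch over the elk network, so these
      # host ports are only needed for access from outside the stack.
      - "9200:9200"
      # 9300 is the node-to-node transport port.
      # NOTE(review): probably not needed on the host for a single-node setup.
      - "9300:9300"
    networks:
      - elk
  kibana:
    image: kibana:7.13.3
    container_name: elk_kibana
    depends_on:
      - elasticsearch
    environment:
      # Address Kibana uses to reach Elasticsearch. Inside the elk network the
      # service name resolves to the container, and the port is the container
      # port 9200 (the original "0.0.0:19200" matched no service or mapping).
      - "ELASTICSEARCH_HOSTS=http://elasticsearch:9200"
    ports:
      - "15601:5601"
    networks:
      - elk
  logstash:
    image: logstash:7.13.3
    container_name: elk_logstash
    volumes:
      - /devdata/elk/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf
    depends_on:
      - elasticsearch
    links:
      # Alias "es" is the host name logstash.conf uses in its output section.
      - elasticsearch:es
    ports:
      # Must match the tcp inputs in logstash.conf (4561 = error,
      # 4562 = business); nothing in that pipeline listens on 4560.
      - "4561:4561"
      - "4562:4562"
    networks:
      - elk
networks:
  elk: {}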
  •  配置logstash.conf
# Logstash pipeline: two TCP listeners receive newline-delimited JSON events and
# forward them to Elasticsearch, one index per event type per day.
input {
  # Disabled file input, kept for reference.
  # NOTE(review): "timestamp" is not a value the file input accepts for
  # start_position ("beginning" or "end"); fix before re-enabling.
#  file{
#    path => 
#["/data/box/admin","/data/box/gateway","/data/box/integrate","/data/box/logins","/data/box/logs","/data/box/order"]
#    type => "system"
#    start_position => "timestamp"
#  }
  # Listener for "error" events.
  # NOTE(review): bound to all interfaces with none of the tcp input's
  # ssl_enable / ssl_verify options set, so any host that can reach the port can
  # submit events, in clear text. Restrict the port at the network layer or
  # enable TLS on the input.
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4561
    codec => json_lines
    # NOTE(review): an input's type only tags events that do not already carry a
    # "type" field, so a sender-supplied "type" presumably ends up in the index
    # name built in the output section; verify.
    type => "error"
  }
  # Listener for "business" events; same exposure as the listener above.
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4562
    codec => json_lines
    type => "business"
  }
}
output {
  elasticsearch {
    # No user/password or TLS options are set here, so this connection is
    # plain and unauthenticated.
    hosts => "es:9200"
    # One index per event type per day, e.g. fincourt-logs-error-<date>.
    index => "fincourt-logs-%{type}-%{+YYYY.MM.dd}"
  }
}
  •  运行docker-compose,启动elk

 #授权es目录

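# Work from the directory tree created earlier (/devdata/elk, not /elk).
cd /devdata/elk

# Give the container's Elasticsearch user access to the data directory without
# making it world-writable (chmod 777 lets every local account modify or
# delete the index data).
# NOTE(review): the Elastic-built image runs as uid 1000, gid 0; confirm for
# the image you pull.
chown -R 1000:0 elasticsearch/data

chmod 770 elasticsearch/data

# Start the ELK stack
docker-compose up -d

# List the containers once startup has finished
docker ps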

  •  logstash安装json_lines插件并重启

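# Install the json_lines codec plugin inside the Logstash container
docker exec -it elk_logstash /bin/bash -c "cd /bin && logstash-plugin install logstash-codec-json_lines"

# Restart so the plugin is loaded; the name must match container_name
# (elk_logstash) in docker-compose.yml
docker restart elk_logstash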

  • 在项目中pom.xml添加logstash-logback-encoder依赖 

 

<dependency>
    <groupId>net.logstash.logback</groupId>
    <artifactId>logstash-logback-encoder</artifactId>
    <version>4.11</version>
</dependency>

  • 配置logback-spring.xml 启动项目




    
    
    
    
        
            ${log.pattern}
        
    

    
    
        
        
        

        
        
            
            ${dest}
            
            
                
                {"appname":"${name}"}
            
        

        
            
            
        
        
            
            
        
    
    
        
        
        
        
        
            
            ${dest}
            
            
                
                {"appname":"${name}"}
            
        

        
            
            
        
        
            
            
        
    
    
        
        
        
        
        
            
            ${dest}
            
            
                
                {"appname":"${name}"}
            
        

        
            
            
        
        
            
            
        
    
  • bootstrap.yml加入配置
# Logstash endpoint for the application; 4561 is the "error" tcp input in
# logstash.conf.
# NOTE(review): presumably read by logback-spring.xml as the appender
# destination; that input accepts plain, unauthenticated TCP.
spring:
  logstash:
    server: "${logstash-address}:4561"

定期删除过期数据:

ELK整合:ElasticSearch定期删除过期数据_xiatiandexiangrikui的博客-CSDN博客_es清理过期数据

————————————————
版权声明:本文为CSDN博主「jane_zhang1022」的原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/jane_zhang1022/article/details/119667608 
