Installing ELK with Docker

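ELK stands for Elasticsearch (a search-oriented database), Logstash (log collection, filtering and analysis) and Kibana (a web UI for analyzing logs).

This article installs ELK with plain Docker commands and with Docker Compose; choose whichever fits your situation.

Installing with docker-compose is the recommended approach.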

Installing with Docker commands

Installing Elasticsearch

  • Pull the Elasticsearch image; the version used here is 7.6.2
docker pull elasticsearch:7.6.2
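  • Create the data mount directories

It is best to keep the mount directories for all Docker containers in one place for easier maintenance; this guide uses /home/dockerdata.

# -p also creates the missing parent directories
mkdir -p /home/dockerdata/elasticsearch/plugins
mkdir -p /home/dockerdata/elasticsearch/data
# Grant read/write access. The image runs Elasticsearch as uid 1000 (gid 0), so the
# data directory itself must be writable; -R applies the mode to the subdirectories too.
# A narrower alternative to 777 is: chown -R 1000:0 /home/dockerdata/elasticsearch
chmod -R 777 /home/dockerdata/elasticsearch/
  • Start the Elasticsearch container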
docker run --name elasticsearch \
-p 9200:9200 \
-p 9300:9300 \
-e ES_JAVA_OPTS="-Xms256m -Xmx256m" \
-e "discovery.type=single-node" \
-e "cluster.name=elasticsearch" \
-v /home/dockerdata/elasticsearch/plugins:/usr/share/elasticsearch/plugins \
-v /home/dockerdata/elasticsearch/data:/usr/share/elasticsearch/data \
-d elasticsearch:7.6.2
  • Check that it started successfully
curl http://localhost:9200

If you see JSON like the following, the installation succeeded:

{
  "name" : "2e3940c9b7bb",
  "cluster_name" : "elasticsearch",
  "cluster_uuid" : "wtFzha2jSW6fq0YhO0lhyg",
  "version" : {
    "number" : "7.6.2",
    "build_flavor" : "default",
    "build_type" : "docker",
    "build_hash" : "ef48eb35cf30adf4db14086e8aabd07ef6fb113f",
    "build_date" : "2020-03-26T06:34:37.794943Z",
    "build_snapshot" : false,
    "lucene_version" : "8.4.0",
    "minimum_wire_compatibility_version" : "6.8.0",
    "minimum_index_compatibility_version" : "6.0.0-beta1"
  },
  "tagline" : "You Know, for Search"
}
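  • If startup fails, try raising the kernel's vm.max_map_count limit (the maximum number of memory-mapped areas a process may have)

Source: https://juejin.cn/post/6844903810536587277

vim /etc/sysctl.conf
# Add this line
vm.max_map_count=262144
# After saving, run this command
sysctl -p

After making the change, restart the container

docker restart elasticsearch
  • Install the Chinese analyzer IK Analyzer, then restart the elasticsearch container once installation finishes
# Enter the container
docker exec -it elasticsearch /bin/bash

# Inside the container, download and install the Chinese analysis plugin; this step is fairly slow
elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.6.2/elasticsearch-analysis-ik-7.6.2.zip

# After installation, exit the container
exit

# Back on the host, restart the container
docker restart elasticsearch
  • Open the firewall to allow port 9200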
firewall-cmd --zone=public --add-port=9200/tcp --permanent
firewall-cmd --reload

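Installing Logstash

  • Pull the Logstash image, version 7.6.2

  • Create the data mount directory

    mkdir /home/dockerdata/logstash
  • Create the configuration file logstash.conf, setting the Elasticsearch address in the output section to es:9200

    cd /home/dockerdata/logstash
    touch logstash.conf
    vi logstash.conf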
    input {
      tcp {
        mode => "server"
        host => "0.0.0.0"
        port => 4560
        codec => json_lines
        type => "debug"
      }
      tcp {
        mode => "server"
        host => "0.0.0.0"
        port => 4561
        codec => json_lines
        type => "error"
      }
      tcp {
        mode => "server"
        host => "0.0.0.0"
        port => 4562
        codec => json_lines
        type => "business"
      }
      tcp {
        mode => "server"
        host => "0.0.0.0"
        port => 4563
        codec => json_lines
        type => "record"
      }
    }
    filter{
      if [type] == "record" {
        mutate {
          remove_field => "port"
          remove_field => "host"
          remove_field => "@version"
        }
        json {
          source => "message"
          remove_field => ["message"]
        }
      }
    }
    output {
      elasticsearch {
        hosts => "es:9200"
        index => "mall-%{type}-%{+YYYY.MM.dd}"
      }
    }
  • Start the container

    docker run --name logstash \
    -p 4560:4560 -p 4561:4561 -p 4562:4562 -p 4563:4563 \
    --link elasticsearch:es \
    -v /home/dockerdata/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \
    -d logstash:7.6.2
  • Enter the container and install the json_lines plugin

    docker exec -it logstash /bin/bash
    logstash-plugin install logstash-codec-json_lines

Installing Kibana

  • Pull the Kibana image, version 7.6.2

    docker pull kibana:7.6.2
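  • Start the container

    # /home/dockerdata/kibana/kibana.yml must already exist on the host as a file;
    # if the path is missing, Docker creates a directory there and the mount fails
    docker run --name kibana \
    -p 5601:5601 \
    -v /home/dockerdata/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml \
    -d kibana:7.6.2
  • Check that it started successfully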

    curl http://localhost:5601

  • Open the firewall
firewall-cmd --zone=public --add-port=5601/tcp --permanent
firewall-cmd --reload
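
The `-p` options above publish ports 9200, 9300, 4560-4563 and 5601 on every host interface, and Elasticsearch 7.6.2 ships with its security features disabled by default. The check below is an added example, not part of the original post: it parses `docker ps` port output and lists which of these ports are bound to a wildcard address, including the collapsed range form Docker prints for consecutive ports. The function name, the `ELK_PORTS` variable and the sample lines are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: list ELK ports from this guide that Docker publishes on all interfaces.

# Host ports published in this guide: Elasticsearch, Logstash TCP inputs, Kibana.
ELK_PORTS="9200 9300 4560 4561 4562 4563 5601"

# Input: lines of "<name><TAB><ports>", as printed by
#   docker ps --format '{{.Names}}\t{{.Ports}}'
# Output: "<name> <ip>:<port>" for each watched port bound to a wildcard address.
audit_published_ports() {
  awk -F'\t' -v ports="$ELK_PORTS" '
    BEGIN { n = split(ports, p, " "); for (i = 1; i <= n; i++) watch[p[i]] = 1 }
    {
      m = split($2, maps, /, */)
      for (i = 1; i <= m; i++) {
        arrow = index(maps[i], "->")
        if (arrow == 0) continue            # exposed in the image but not published
        host = substr(maps[i], 1, arrow - 1)
        # Split "<ip>:<port>" at the last colon; the ip may be "::" or "[::]".
        if (!match(host, /:[0-9]+(-[0-9]+)?$/)) continue
        ip = substr(host, 1, RSTART - 1)
        range = substr(host, RSTART + 1)
        if (ip != "0.0.0.0" && ip != "::" && ip != "[::]") continue
        # docker ps collapses consecutive ports into "4560-4563"; expand the range.
        lo = range; hi = range
        if (split(range, r, "-") == 2) { lo = r[1]; hi = r[2] }
        for (port = lo + 0; port <= hi + 0; port++)
          if (port in watch) print $1, ip ":" port
      }
    }'
}

# Constructed sample input (not captured from a real host).
SAMPLE_PS=$(printf '%s\t%s\n' \
  elasticsearch '0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp' \
  logstash '5044/tcp, 0.0.0.0:4560-4563->4560-4563/tcp, 9600/tcp' \
  kibana '127.0.0.1:5601->5601/tcp')

printf '%s\n' "$SAMPLE_PS" | audit_published_ports
```

In the sample, the kibana line is not reported because its port is published as 127.0.0.1:5601, which is the form `-p 127.0.0.1:5601:5601` produces.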

Unless otherwise stated, all articles on this blog are licensed under CC BY-SA 3.0. Please credit the source when reposting!
