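Suitable for quickly setting up a log collection system for a test environment. For production log collection, deploy a cluster or buy a cloud service instead.
Based on version 6.8.22 (elasticsearch, filebeat, kibana).
1. Building with docker-compose
Create a shared network: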
docker network create elk_bridge
1.1 Starting Elasticsearch (single node)
version: '2.2'
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.8.22
    container_name: elasticsearch
    environment:
      ## JVM heap size
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      ## Time zone
      - "TZ=Asia/Shanghai"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      ## Persistent data directory
      - ./data:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
    networks:
      ## Externally defined shared network
      - elk_bridge
networks:
  elk_bridge:
    external: true
1.2 Starting Kibana (single node)
version: '2'
services:
  kibana:
    image: docker.elastic.co/kibana/kibana:6.8.22
    container_name: kibana
    environment:
      SERVER_NAME: kibana
      ELASTICSEARCH_HOSTS: http://elasticsearch:9200
      I18N_LOCALE: zh-CN
      TZ: Asia/Shanghai
    ports:
      - 5601:5601
    networks:
      - elk_bridge
networks:
  elk_bridge:
    external: true
1.3 Starting Filebeat
version: '2'
services:
  filebeat:
    image: docker.elastic.co/beats/filebeat:6.8.22
    container_name: filebeat
    volumes:
      - ./conf/filebeat.yml:/usr/share/filebeat/filebeat.yml
      - ./log/:/opt/docker/infrastructure/filebeat/log
      - /var/log/:/var/log
    environment:
      TZ: Asia/Shanghai
    networks:
      - elk_bridge
networks:
  elk_bridge:
    external: true
Minimal configuration: filebeat.yml
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /var/log/*.log
      # Paths are globs that must match files; a bare directory is never harvested
      - /opt/docker/infrastructure/filebeat/log/*.log
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 3
setup.kibana:
  host: "kibana:5601"
output.elasticsearch:
  hosts: ["elasticsearch:9200"]
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
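
The compose files above publish ports 9200 and 5601 on every host interface with no authentication, and mount the host's /var/log writable into the Filebeat container. The following is an added example, not part of the original page: one merged compose file with loopback-only ports, Elasticsearch security switched on, and read-only mounts. The .env variable names are assumptions.

```yaml
# Added example; ELASTIC_PASSWORD and KIBANA_PASSWORD are read from a local .env file (assumed names)
version: '2.2'
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.8.22
    container_name: elasticsearch
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      - "TZ=Asia/Shanghai"
      - "discovery.type=single-node"
      ## Require authentication on every request
      - "xpack.security.enabled=true"
      ## Bootstrap password for the built-in elastic user
      - "ELASTIC_PASSWORD=${ELASTIC_PASSWORD}"
    volumes:
      - ./data:/usr/share/elasticsearch/data
    ports:
      ## Original: 9200:9200, which listens on every host interface
      - "127.0.0.1:9200:9200"
    networks:
      - elk_bridge
  kibana:
    image: docker.elastic.co/kibana/kibana:6.8.22
    container_name: kibana
    environment:
      SERVER_NAME: kibana
      ELASTICSEARCH_HOSTS: http://elasticsearch:9200
      ## Built-in kibana user; set its password first (e.g. bin/elasticsearch-setup-passwords)
      ELASTICSEARCH_USERNAME: kibana
      ELASTICSEARCH_PASSWORD: ${KIBANA_PASSWORD}
      TZ: Asia/Shanghai
    ports:
      - "127.0.0.1:5601:5601"
    networks:
      - elk_bridge
  filebeat:
    image: docker.elastic.co/beats/filebeat:6.8.22
    container_name: filebeat
    volumes:
      ## Read-only: Filebeat only needs to read its config and the logs
      - ./conf/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
      - ./log/:/opt/docker/infrastructure/filebeat/log:ro
      - /var/log/:/var/log:ro
    networks:
      - elk_bridge
networks:
  elk_bridge:
    external: true
```

With security enabled, filebeat.yml also needs output.elasticsearch.username and output.elasticsearch.password, otherwise Elasticsearch rejects Filebeat's requests.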
2. Testing
Put nginx logs into /var/log or /opt/docker/infrastructure/filebeat/log.

