Docker+ELK搭建

换了个运行环境,重新搭建一套公司本地内部的ELK,之前也搭过(可访问:https://yanganlin.com/31.html) , 最近做什么事情都想用Docker,这次也用Docker,还算顺利,没掉什么坑里,上次搭建,也用用的6.2+的版本,这都过了一年,Elk这三个产品,都已经上7了,用docker搭建的还是用6.2.4,稳定不落伍就好

安装elasticsearch

安装

1
2
3
4
5
6
7
docker run \
-d \
--name elasticsearch \
-p 9200:9200 \
-p 9300:9300 \
-e "discovery.type=single-node" \
docker.elastic.co/elasticsearch/elasticsearch:6.2.4

访问http://localhost:9200

安装kibana

安装

1
2
3
4
5
6
docker run \
-d \
-u 0 \
--name kibana \
-p 5601:5601\
docker.elastic.co/kibana/kibana:6.2.4

进入到容器内部:docker exec -it kibana /bin/bash
找到kibana的配置文件:/usr/share/kibana/config/ kibana.yml
重启容器:doccker restart kibana

修改配置文件,因为要绕过x-pack的安全检查

1
2
elasticsearch.url: http://localhost:9200
xpack.monitoring.ui.container.elasticsearch.enabled: false

安装logstash

安装

1
2
3
4
5
6
docker run \
-d \
-u 0 \
--name logstash \
-p 5044:5044\
docker.elastic.co/logstash/logstash:6.2.4

进入容器:docker exec -it logstash /bin/bash

找到文件:/usr/share/logstash/pipeline

修改配置文件logstash.conf

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
input {
tcp {
port => 5044
codec => json_lines
}
}

output{
elasticsearch {
hosts => ["localhost:9200"]
action => "index"
index => "%{[appname]}"
}
stdout { codec => rubydebug }
}

重启容器:doccker restart logstash

SpringBoot配置Logstash

logback.xml

1
2
3
4
5
6
7
8
9
10
<appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
<destination>localhost:5044</destination>
<encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder">
<customFields>{"appname":"eureka-server"}</customFields>
</encoder>
</appender>

<root level="INFO">
<appender-ref ref="LOGSTASH"/>
</root>

pom.xml

1
2
3
4
5
<dependency>
<groupId>net.logstash.logback</groupId>
<artifactId>logstash-logback-encoder</artifactId>
<version>4.9</version>
</dependency>

在Kibana创建索引

参考:https://yanganlin.com/31.html