docker run方式安装elk
(1)安装elasticsearch
1)在elasticsearch的docker版本文档中,官方提到了vm.max_map_count的值在生产环境最少要设置成262144
#vi /etc/sysctl.conf
vm.max_map_count=262144 #添加或者修改
#sysctl -w vm.max_map_count=262144 #临时修改
2)准备elasticsearch配置文件
#test -d /etc/elasticsearch/ || mkdir /etc/elasticsearch/
# cat /etc/elasticsearch/elasticsearch.yml
http.cors.enabled: true #增加新的参数,这样head插件可以访问es
http.cors.allow-origin: "*" #实现跨域
http.host: 0.0.0.0
3)启动
docker run -d --restart always -p 9200:9200 -p 9300:9300 -m 2048m -v /etc/elasticsearch/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml --name elasticsearch -e "discovery.type=single-node" -e ES_JAVA_OPTS="-Xms1024m -Xmx2048m" elasticsearch
4)验证服务是否正常启动
(2)安装head插件
1)运行
docker run -d --restart always --name head --link elasticsearch -p 9001:9100 docker.io/mobz/elasticsearch-head:5
2)验证
(3)安装kibana
1)启动
docker run -d --restart always -p 5601:5601 --link elasticsearch -m 1024 -e ELASTICSEARCH_URL=http://elasticsearch:9200 kibana
2)验证
(4)安装logstash
注意: filebeat晚点做补充
1)准备配置文件
#test -d /etc/logstash || mkdir /etc/logstash
# cat /etc/logstash/logstash.yml
path.config: /etc/logstash/conf.d
http.port: 9600
# cat /etc/logstash/logstash.conf
input{
redis {
type => "log"
host => "192.168.1.42"
port => "6379"
password => '[email protected]'
db => '8'
data_type => "list"
key => 'tcl-log'
batch_count => 1
}
}
output {
if [type] == "log" {
elasticsearch {
hosts => ['elasticsearch:9200']
index => 'tcl-log-%{+YYYY.MM.dd}'
}
}
}
2)启动容器
docker run -d --restart always --name logstash --link elasticsearch -v /etc//logstash/logstash.conf:/etc/logstash/conf.d/logstash.conf -v /etc/logstash/logstash.yml:/etc/logstash/logstash.yml logstash:5.6
3)获取索引:
curl -XGET 'localhost:9200/_cat/indices?v'
4)去kibana上验证
参考文档:
https://blog.csdn.net/gmijie/article/details/79475153
https://blog.csdn.net/qq_23250633/article/details/81327001
https://blog.csdn.net/u014526891/article/details/82822647
https://blog.csdn.net/belonghuang157405/article/details/83301937
https://www.jianshu.com/p/b81e1b7c0efb