docker安装ELK
logstash.yml 配置文件
# logstash.yml: node-level settings, one key per line.

# Bind address of Logstash's HTTP API. 0.0.0.0 listens on every interface
# of the container, so anything that can route to the container can query it.
# NOTE(review): keep the API port unpublished, or bind a narrower address,
# if only local health checks need it.
http.host: '0.0.0.0'

# Pipeline definition loaded at startup (a single file, not a directory).
path.config: /usr/share/logstash/config/logstash.conf

# Directory for Logstash's own log files.
# NOTE(review): Filebeat on this page harvests /data/logs/presale/*.log in its
# own container; confirm the two paths never share a volume, or Logstash's
# logs would be shipped as application logs.
path.logs: /data/logs/presale
logstash.conf 配置文件
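# logstash.conf: receive events from Beats, set the event time from the
# "datetime" field, and forward tagged events to Elasticsearch.
input {
  beats {
    # Listen on the Logstash container's address only. No TLS options are set
    # on this input, so events (and anything sensitive in the log lines)
    # arrive unencrypted and any host that can reach the port may send events.
    host => "172.20.120.50"
    port => 5044
  }
}
filter {
  date {
    # Parse "datetime" and store the result as the event timestamp.
    match => ["datetime", "yyyy-MM-dd HH:mm:ss.SSS"]
    target => "@timestamp"
  }
}
output {
  # Only events carrying the "presale" tag are indexed.
  # NOTE(review): the filebeat.yml on this page sets fields.type, not tags;
  # confirm something actually adds this tag.
  if "presale" in [tags] {
    elasticsearch {
      # No scheme, user or password is configured: the connection is
      # unauthenticated. Add credentials and TLS once security is enabled
      # on the cluster.
      hosts => ["172.20.120.10:9200"]
    }
  }
  # Dumps every event in full to the container's stdout. Useful while
  # debugging, but it copies all log content into the container log; remove
  # it once the pipeline works.
  stdout { codec => rubydebug }
}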
filebeat.yml 配置文件
# filebeat.yml: two log inputs, each labelled through fields.type, shipped
# straight to Elasticsearch and routed to an index by that label.
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - '/data/logs/presale/*.log'
    # Label used by the index routing rules under output.elasticsearch.
    fields:
      type: 'presale'
    # A line that does NOT start with a timestamp is appended to the previous
    # event (negate: true + match: after), which keeps stack traces together.
    multiline:
      pattern: '^\s*(\d{4}|\d{2})\-(\d{2}|[a-zA-Z]{3})\-(\d{2}|\d{4})\s\d{2}:\d{2}:\d{2}.\d{3}'
      negate: true
      match: after
    # Decode each line as JSON and lift its keys to the top level of the event.
    # NOTE(review): the log content then chooses the event's field names;
    # confirm that is acceptable for these log sources.
    json.message_key: log
    json.keys_under_root: true

  - type: log
    enabled: true
    paths:
      - '/data/logs/adManageService/*.log'
    fields:
      type: 'adManageService'
    multiline:
      pattern: '^\s*(\d{4}|\d{2})\-(\d{2}|[a-zA-Z]{3})\-(\d{2}|\d{4})\s\d{2}:\d{2}:\d{2}.\d{3}'
      negate: true
      match: after
    json.message_key: log
    json.keys_under_root: true

output.elasticsearch:
  # No protocol, username, password or TLS settings are given, so events are
  # sent without authentication. Add credentials and TLS once the cluster
  # has security enabled.
  hosts:
    - '172.20.120.10:9200'
  indices:
    # NOTE(review): "preslae" looks like a typo for "presale"; the index is
    # created under the name exactly as written here.
    - index: 'filebeat-preslae'
      when.equals:
        fields.type: 'presale'
    - index: 'filebeat-ad-manager'
      when.equals:
        fields.type: 'adManageService'
安装docker-elk的yml文件
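# Compose file for a single-host ELK stack (Elasticsearch, Kibana, Logstash,
# Filebeat) on a dedicated bridge network with fixed container addresses.
version: "2.1"
services:
  es:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.7.0
    container_name: elasticsearch
    volumes:
      - /data/docker/elk/es/data:/usr/share/elasticsearch/data
      - /data/docker/elk/es/logs:/usr/share/elasticsearch/logs
    environment:
      - discovery.type=single-node
      # Taken from the shell environment or an untracked .env file instead of
      # being committed in this file; compose aborts if it is missing.
      # NOTE(review): confirm the 7.7.0 image's entrypoint honours this variable.
      - 'KEYSTORE_PASSWORD=${KEYSTORE_PASSWORD:?set KEYSTORE_PASSWORD in the environment or .env}'
      - TAKE_FILE_OWNERSHIP=true
    ports:
      # Published on every host interface. No xpack.security setting is
      # configured here, so (NOTE(review): confirm for this image) the REST
      # API accepts unauthenticated requests from anything that can reach the
      # host. Containers on the elk network already reach 172.20.120.10
      # directly; prefix the mappings with 127.0.0.1: or drop them unless
      # outside clients need access, and enable security before exposing it.
      - "9200:9200"
      # Transport port; a single-node cluster has no peer nodes to serve.
      - "9300:9300"
    networks:
      elk:
        ipv4_address: 172.20.120.10

  kibana:
    image: docker.elastic.co/kibana/kibana:7.7.0
    container_name: kibana
    environment:
      - I18N_LOCALE=zh-CN
      # In list form, everything after "=" is the value, so surrounding
      # quotes would become part of it; values are written bare.
      - SERVER_HOST=0.0.0.0
      # Kibana 7.x reads ELASTICSEARCH_HOSTS; ELASTICSEARCH_URL belongs to
      # the removed elasticsearch.url setting.
      - ELASTICSEARCH_HOSTS=http://172.20.120.10:9200
    ports:
      # Published on every host interface; with no authentication on the
      # cluster, whoever reaches this port can read and modify all indices
      # through Kibana. Restrict it with a firewall or an authenticating
      # reverse proxy.
      - "5601:5601"
    networks:
      elk:
        ipv4_address: 172.20.120.30

  logstash:
    image: docker.elastic.co/logstash/logstash:7.7.0
    container_name: logstash
    volumes:
      - /data/docker/elk/logstash/pipeline:/usr/share/logstash/pipeline
      # NOTE(review): this mount hides the image's whole config directory;
      # the host directory must provide every file Logstash expects there.
      - /data/docker/elk/logstash/config:/usr/share/logstash/config
    environment:
      - I18N_LOCALE=zh-CN
    ports:
      # Beats input, published on every host interface; it has no TLS or
      # client authentication in the logstash.conf shown on this page.
      - "5044:5044"
    networks:
      elk:
        ipv4_address: 172.20.120.50

  filebeat:
    image: docker.elastic.co/beats/filebeat:7.7.0
    container_name: filebeat
    # Runs as root inside the container; the read-only mounts below keep it
    # from modifying the host's logs or its own configuration.
    user: root
    volumes:
      - /data/docker/logs:/data/logs:ro
      - /data/docker/elk/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
    networks:
      elk:
        ipv4_address: 172.20.120.70

networks:
  elk:
    name: elk
    driver: bridge
    ipam:
      driver: default
      config:
        # The static ipv4_address values above must fall inside this subnet.
        - subnet: 172.20.120.0/24
          gateway: 172.20.120.1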
docker-compose 执行yml文件
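# Create and start every service defined in elk.yml, detached from the terminal.
docker-compose -f elk.yml up -d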