Docker搭建EFK

1、安装ElasticSearch

拉取镜像

docker pull docker.elastic.co/elasticsearch/elasticsearch:7.1.1

创建资料卷

docker volume create es-data
docker volume create es-conf

启动

docker run -d -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node"
--mount type=volume,source=es-data,target=/usr/share/elasticsearch/data
--mount type=volume,source=es-conf,target=/usr/share/elasticsearch/config
--name es docker.elastic.co/elasticsearch/elasticsearch:7.1.1

设置安全

配置文件 xpack.security.enabled: true
配置内置账户 bin/elasticsearch-setup-passwords interactive
详情见：https://www.elastic.co/guide/en/elasticsearch/reference/7.1/configuring-security.html

2、安装Kibana

拉取镜像

docker pull docker.elastic.co/kibana/kibana:7.1.1

创建资料卷

docker volume create kibana-conf

启动

docker run -d -p 5601:5601 -e "ELASTICSEARCH_HOSTS=http://localhost:9200"
--mount type=volume,source=kibana-conf,target=/usr/share/kibana/config
--name kibana docker.elastic.co/kibana/kibana:7.1.1

配置文件

elasticsearch.username: "elastic"
elasticsearch.password: "123456"
#设置中文
i18n.locale: "zh-CN"

3、安装Fluentd

编写具有ElasticSearch功能的镜像指令 Dockerfile

fluentd/Dockerfile

FROM fluent/fluentd:v1.12.0-debian-1.0
USER root
RUN ["gem", "install", "fluent-plugin-elasticsearch", "--no-document", "--version", "4.3.3"]
USER fluent

创建资料卷

docker volume create fluentd-conf

启动

docker run -d -p 9880:9880
--mount type=volume,source=fluentd-conf,target=/fluentd/etc
--name fluentd fluent/fluentd:edge-debian

配置文件

@type http
port 9880
bind 0.0.0.0
body_size_limit 8m
keepalive_timeout 10s


@type elasticsearch
host 192.168.196.133
port 9200
logstash_format true
user elastic
password dh#5201


@type stdout