docker收集日志到es并展示

1、安装es

注意：关闭xpack.security.enabled: false 权限认证
      允许跨域
       http.cors.enabled: true
       http.cors.allow-origin: "*
https://blog.csdn.net/qq_40739917/article/details/131654563
docker run --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -d elasticsearch:8.8.1
docker exec -it elasticsearch bash
cd /usr/share/elasticsearch/config
docker cp elasticsearch.yml elasticsearch:/usr/share/elasticsearch/config/

2、自己手动打包filebeat

#下载程序包
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.10.3-linux-x86_64.tar.gz
#修改配置文件
[root@localhost filebeat]# cat filebeat.yml
filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

processors:
- add_cloud_metadata: ~
- add_docker_metadata: ~

filebeat.inputs:
- type: log
  enabled: true
  paths:
   - /var/lib/docker/containers/*/*-json.log

output.elasticsearch:
  allow_older_versions: true  #允许使用older的es
  hosts: '100.98.100.186:9200'
  
#创建dockerfile
[root@localhost filebeat]# cat dockerfile 
FROM centos
MAINTAINER wukc
ADD localtime /etc/localtime
RUN echo 'Asia/Shanghai'>/etc/timezone
ADD filebeat /filebeat
WORKDIR /filebeat
EXPOSE 80
CMD ["/filebeat/filebeat"]
#构建images
docker build -t filebeat:8.10.3 .
#运行容器
docker run -d --name=filebeat --restart=always -v /var/lib/docker/containers/:/var/lib/docker/containers/  filebeat:8.10.3
docker run -it --rm filebeat:8.10.3 bash  #调试运行方法
#备份images
docker push wukc/filebeat:8.10.3

3、#查询索引内容

curl -XGET http://100.98.100.186:9200/.ds-filebeat-8.10.3-2023.10.31-000001/_search -H 'Content-Type: application/json' -d '
{
"query": {
"match_all": {}
}

4、安装es的dashboard

docker run --restart=unless-stopped -d -p 8090:8090 kecikeci/elastic_view:latest
http://100.98.100.186:8090 admin/admin

5、结果展示