1、应用部署
Elasticsearch
- 创建目录:
mkdir -p /home/elk/elasticsearch/plugins mkdir -p /home/elk/elasticsearch/data mkdir -p /home/elk/elasticsearch/logs - 插件elasticsearch-analysis-ik-7.17.6解压到plugins目录下
- 分配权限:(没有权限会导致无法生成文件)
chmod 777 /home/elk/elasticsearch/plugins chmod 777 /home/elk/elasticsearch/data chmod 777 /home/elk/elasticsearch/logs - 拉取镜像:
docker pull elasticsearch:7.17.6 - 容器启动:
docker run -d --name=elasticsearch --restart=always -p 9200:9200 -p 9300:9300 \ -v /home/elk/elasticsearch/plugins:/usr/share/elasticsearch/plugins \ -v /home/elk/elasticsearch/data:/usr/share/elasticsearch/data \ -v /home/elk/elasticsearch/logs:/usr/share/elasticsearch/logs \ -e cluster.name=es-cluster \ -e discovery.type=single-node \ -e ES_JAVA_OPTS="-Xms256m -Xmx256m" \ -e TZ=Asia/Shanghai \ elasticsearch:7.17.6 - 访问:http://47.97.4.204:9200
Kibana
- 创建目录:
mkdir -p /home/elk/kibana/config - 创建配置文件/home/elk/kibana/config/kibana.yml
cd /home/elk/kibana/config touch kibana.yml vi kibana.ymlserver.host: "0.0.0.0" server.shutdownTimeout: "5s" elasticsearch.hosts: [ "http://47.97.4.204:9200" ] monitoring.ui.container.elasticsearch.enabled: true - 拉取镜像:
docker pull kibana:7.17.6 - 容器启动:
docker run -d --name=kibana --restart=always -p 5601:5601 \ -v /home/elk/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml \ -e I18N_LOCALE=zh-CN \ -e SERVER_PUBLICBASEURL=http://47.97.4.204:5601 \ -e TZ=Asia/Shanghai \ kibana:7.17.6 - 访问:http://47.97.4.204:5601
Logstash
- 创建目录:
mkdir -p /home/elk/logstash/config mkdir -p /home/elk/logstash/pipeline - 创建配置文件/home/elk/logstash/config/logstash.yml
cd /home/elk/logstash/config touch logstash.yml vi logstash.ymlhttp.host: "0.0.0.0" xpack.monitoring.enabled: true xpack.monitoring.elasticsearch.hosts: ["http://47.97.4.204:9200"] pipeline.ecs_compatibility: disabled - 创建配置文件/home/elk/logstash/pipeline/logstash.conf
cd /home/elk/logstash/pipeline touch logstash.conf vi logstash.conf```conf input { tcp { mode => “server” host => “0.0.0.0” port => 4560 codec => json_lines tags => [ “tcp”, “application”] }
http { port => 5044 codec => json_lines tags => [“http”] } }
filter { # 转换 host 字段 mutate { rename => { “host” => “[host][ip]” } add_field => { “[host][name]” => “unknown” “[host][type]” => “external” } } }
output { elasticsearch { hosts => [“http://47.97.4.204:9200”] action => “create” index => “logs-%{[app]}-%{[env]}-%{+YYYY.MM.dd}” codec => “json” } stdout { codec => rubydebug } }
* 拉取镜像:
```sh
docker pull logstash:7.17.6
- 容器启动:
docker run -d --name=logstash --restart=always -p 4560:4560 -p 5044:5044 -p 9600:9600 \ -v /home/elk/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml \ -v /home/elk/logstash/pipeline/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \ -e LS_JAVA_OPTS="-Xmx256m -Xms256m" \ -e TZ=Asia/Shanghai \ logstash:7.17.6