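I. Introduction to the three components
1. Elasticsearch
Elasticsearch is a distributed, near-real-time search platform developed in Java, built on Lucene, and accessed through a RESTful interface. Its features include distributed operation, zero configuration, automatic discovery, automatic index sharding, index replication, a RESTful API, multiple data sources, and automatic search load balancing.
2. Logstash
Logstash is developed on Java and is a data extraction and transformation tool. It usually works in a client/server architecture: the client is installed on each host whose information is to be collected, and the server filters and modifies the logs received from the nodes, then forwards them together to Elasticsearch or other components.
3. Kibana
Kibana is based on Node.js and is also a free, open-source visualization tool. It provides a friendly web interface for analyzing the logs held by Logstash and Elasticsearch, and can be used to aggregate, analyze, and search important log data.
II. Version selection
This walkthrough uses 7.17.7. Docker Hub page: hub.docker.com/_/elasticse…
III. Create the database
SQL statement that creates the table: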
DROP TABLE IF EXISTS `sys_log`;
CREATE TABLE `sys_log` (
  `id` bigint(20) NOT NULL AUTO_INCREMENT COMMENT 'Log primary key',
  `title` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT '' COMMENT 'Module title',
  `business_type` int(2) NULL DEFAULT 0 COMMENT 'Business type (0 other, 1 create, 2 update, 3 delete)',
  `method` varchar(100) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT '' COMMENT 'Method name',
  `request_method` varchar(10) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT '' COMMENT 'Request method',
  `oper_name` varchar(50) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT '' COMMENT 'Operator',
  `oper_url` varchar(255) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT '' COMMENT 'Request URL',
  `oper_ip` varchar(128) CHARACTER SET utf8 COLLATE utf8_general_ci NULL DEFAULT '' COMMENT 'Host address',
  `oper_time` datetime(0) NULL DEFAULT NULL COMMENT 'Operation time',
  PRIMARY KEY (`id`) USING BTREE
) ENGINE = InnoDB AUTO_INCREMENT = 1585197503834284034 CHARACTER SET = utf8 COLLATE = utf8_general_ci COMMENT = 'Operation log records' ROW_FORMAT = Dynamic;
SET FOREIGN_KEY_CHECKS = 1;
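IV. Preparing for the ELK setup
1. Create the folders according to the directory structure
The elasticsearch/data directory must be given sufficient permissions, otherwise Elasticsearch fails with: ElasticsearchException[failed to bind service]; nested: AccessDeniedException[/usr/share/elasticsearch/data/nodes]
2. Elasticsearch mounted configuration
vim /elk/elasticsearch/config/elasticsearch.yml
Enter: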
http.host: 0.0.0.0
xpack.security.enabled: false
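http.host: accept connections on any address.
xpack.security.enabled: set to false to turn off password authentication, so the REST API on port 9200 answers requests without credentials.
3. Kibana mounted configuration
vim /elk/kibana/config/kibana.yml
Enter:
server.host: 0.0.0.0
# use the compose service name; inside the Kibana container 127.0.0.1 is the container itself
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
4. Logstash mounted configuration
vim /elk/logstash/config/logstash.yml
Enter:
http.host: 0.0.0.0
# use the compose service name; inside the Logstash container 127.0.0.1 is the container itself
xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]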
Create the file that stores the last-run record:
touch log
chmod 777 log
vim /elk/logstash/config/logstash.conf
Enter:
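input {
  stdin {
  }
  jdbc {
    # 127.0.0.1 here is the Logstash container itself; use an address where MySQL is reachable from the container
    jdbc_connection_string => "jdbc:mysql://127.0.0.1:3306/test?useUnicode=true&characterEncoding=utf8&serverTimezone=UTC"
    # a read-only account limited to SELECT on sys_log is sufficient for this query
    jdbc_user => "root"
    jdbc_password => "root"
    # absolute path inside the container; the config directory is mounted at /usr/share/logstash/config
    jdbc_driver_library => "/usr/share/logstash/config/mysql-connector-java-8.0.28.jar"
    # driver class name used by Connector/J 8.x
    jdbc_driver_class => "com.mysql.cj.jdbc.Driver"
    jdbc_paging_enabled => "true"
    jdbc_page_size => "300000"
    statement => "SELECT id, title, business_type, method, request_method, oper_name, oper_url, oper_ip, oper_time FROM sys_log"
    # run every 2 minutes
    schedule => "*/2 * * * *"
    use_column_value => false
    tracking_column_type => "timestamp"
    tracking_column => "oper_time"
    record_last_run => true
    jdbc_default_timezone => "Asia/Shanghai"
    last_run_metadata_path => "/usr/share/logstash/config/log"
  }
}
output {
  elasticsearch {
    # compose service name; 127.0.0.1 would be the Logstash container itself
    hosts => ["elasticsearch:9200"]
    index => "sys_log"
    # the row id is the document id, so re-reading a row overwrites the same document
    document_id => "%{id}"
  }
  stdout {
    codec => json_lines
  }
}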
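Point the pipeline at the configuration file above:
vim /elk/logstash/config/pipelines.yml
Enter:
- pipeline.id: sys_log
  path.config: "/usr/share/logstash/config/logstash.conf"
Among the files under /elk/logstash/config/, mysql-connector-java-8.0.28.jar must be uploaded manually.
If you do not have modify permission, grant it on the folders and files created above:
chmod 777 <file name>
V. Build the services with docker-compose
docker-compose configuration (set version according to your own Docker Compose version):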
# Docker Compose file format version
version: '3.3'
# our own services
services:
  elasticsearch:
    image: elasticsearch:7.17.7
    container_name: c_elasticsearch
    ports:
      - "9200:9200"
      - "9300:9300"
    environment:
      - cluster.name=elasticsearch
      - discovery.type=single-node
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    volumes:
      - ./elk/elasticsearch/plugins:/usr/share/elasticsearch/plugins
      - ./elk/elasticsearch/data:/usr/share/elasticsearch/data
      - ./elk/elasticsearch/logs:/usr/share/elasticsearch/logs
  kibana:
    image: kibana:7.17.7
    container_name: c_kibana
    ports:
      - "5601:5601"
    depends_on:
      - elasticsearch
    environment:
      I18N_LOCALE: zh-CN
    volumes:
      - ./elk/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
  logstash:
    image: logstash:7.17.7
    container_name: c_logstash
    ports:
      - "5044:5044"
    volumes:
      - ./elk/logstash/config:/usr/share/logstash/config
    depends_on:
      - elasticsearch
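Added example, not part of the original post: a small Python check that reads a compose file and elasticsearch.yml and lists the ports published beyond loopback while xpack.security.enabled is false, which is the combination configured in sections IV and V. The sample inputs are constructed from this page's values; the function names, two-space compose indentation and short-syntax port strings are assumptions.

```python
import re
# Constructed inputs that reuse the port mappings and settings shown on this page.
COMPOSE = """\
services:
  elasticsearch:
    ports:
      - "9200:9200"
      - "9300:9300"
  kibana:
    ports:
      - "5601:5601"
"""
ES_YML = "http.host: 0.0.0.0\nxpack.security.enabled: false\n"
LOOPBACK = {"127.0.0.1", "[::1]", "localhost"}

def published_ports(compose_text):
    """Yield (service, host_ip, container_port); no host IP means all interfaces."""
    service, in_ports = None, False
    for raw in compose_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()
        text = line.strip()
        if not text:
            continue
        if len(line) - len(text) == 2 and text.endswith(":"):
            service, in_ports = text[:-1], False      # service name (two-space indent assumed)
        elif text == "ports:":
            in_ports = True
        elif in_ports and text.startswith("- "):
            spec = text[2:].strip().strip("\"'").split("/")[0]  # drop quotes and /tcp suffix
            parts = spec.rsplit(":", 2)               # [host_ip:][host_port:]container_port
            yield service, (parts[0] if len(parts) == 3 else "0.0.0.0"), parts[-1]
        else:
            in_ports = False

def security_enabled(es_yml):
    """Elasticsearch 7.x leaves security off when xpack.security.enabled is absent."""
    m = re.search(r"^\s*xpack\.security\.enabled\s*:\s*(\S+)", es_yml, re.M)
    return bool(m) and m.group(1).strip("\"'").lower() == "true"

def audit(compose_text, es_yml, services=("elasticsearch", "kibana")):
    """List ports that expose unauthenticated index access beyond loopback."""
    if security_enabled(es_yml):
        return []
    return [f"{svc}:{port} published on {ip} with authentication disabled"
            for svc, ip, port in published_ports(compose_text)
            if svc in services and ip not in LOOPBACK]

if __name__ == "__main__":
    print("\n".join(audit(COMPOSE, ES_YML)) or "no findings")
```

Binding a mapping to loopback, for example "127.0.0.1:9200:9200", or setting xpack.security.enabled: true clears the findings.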
VI. Access
URL: http://127.0.0.1:5601/app/home#/