书接前文,本章介绍Logstash和Kibana组件的部署,测试环境哦别干生产,如有帮助到您请给个免费的赞呗!
1.Logstash
1.1 Docker-compose 配置片段
root@ubuntu2204test99:~/elkf# vi docker-compose.yml
logstash:
image: logstash:7.17.24
container_name: logstash-7.17.24
restart: always
environment:
- "LS_JAVA_OPTS=-Xms512m -Xmx512m"
ports:
- 5044:5044
- 9600:9600
volumes:
- /root/elkf/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml
- /root/elkf/logstash/data:/usr/share/logstash/data
- /root/elkf/logstash/pipeline:/usr/share/logstash/pipeline
networks:
elk_net:
ipv4_address: 192.168.177.104
depends_on:
- es-node-1
- es-node-2
- es-node-3
1.2 Logstash 配置片段
1.2.1 logstash配置
root@ubuntu2204test99:~/elkf# vi logstash/config/logstash.yml
http.host: "0.0.0.0"
# 启用定时重新加载配置
config.reload.automatic: true
# 定时重新加载配置周期
config.reload.interval: 3s
# 持久队列
queue.type: persisted
# 控制耐久性
queue.checkpoint.writes: 1
# 死信队列
dead_letter_queue.enable: true
# 启用Logstash节点监控
xpack.monitoring.enabled: true
# Elasticsearch账号和密码
xpack.monitoring.elasticsearch.username: "elastic"
xpack.monitoring.elasticsearch.password: "123456"
# Elasticsearch节点地址列表(物理机内网IP,或者127.0.0.1)
xpack.monitoring.elasticsearch.hosts: ["es-node-1:9200", "es-node-2:9200", "es-node-3:9200"]
# 发现Elasticsearch集群的其他节点(端口包含除9200外的其它端口时需关闭)
# xpack.monitoring.elasticsearch.sniffing: true
# 发送监控数据的频率
xpack.monitoring.collection.interval: 10s
# 启用监控管道信息
xpack.monitoring.collection.pipeline.details.enabled: true
xpack.management.enabled: false
1.2.2 logstash 采集示例(可以不写)
root@ubuntu2204test99:~/elkf# vi logstash/pipeline/logstash.conf
input {
beats {
port => 5044
}
}
output {
stdout {
codec => rubydebug
}
}
2.Kibana
2.1 Docker-compose配置片段
root@ubuntu2204test99:~/elkf# vi docker-compose.yml
# 可视化工具
kibana:
image: kibana:7.17.24
container_name: kibana
ports:
- 5601:5601
volumes:
- /etc/localtime:/etc/localtime
- /root/elkf/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
- /root/elkf/kibana/config/node.options:/usr/share/kibana/config/node.options
networks:
elk_net:
ipv4_address: 192.168.177.103
depends_on:
- es-node-1
- es-node-2
- es-node-3
2.2 Kibana 配置片段
2.2.1 Kibana配置文件
root@ubuntu2204test99:~/elkf# vi kibana/config/kibana.yml
# 这里地址改为你访问kibana的地址,不能以 / 结尾
server.publicBaseUrl: "http://192.168.1.99:5601"
#设置Kibana映射端口
server.port: 5601
#设置网关地址
server.host: "0.0.0.0"
#设置Kibana实例对外展示的名称
server.name: "kibana"
#设置ES集群地址
elasticsearch.hosts: ["http://es-node-1:9200","http://es-node-2:9200","http://es-node-3:9200"]
#设置请求超时时长
elasticsearch.requestTimeout: 120000
#设置页面语言
i18n.locale: "zh-CN"
# 解释链接https://blog.csdn.net/u011311291/article/details/100041912
xpack.monitoring.ui.container.elasticsearch.enabled: true
# ES账号密码
elasticsearch.username: "kibana_system"
elasticsearch.password: "123456"
#配置本地索引
kibana.index: ".kibana"
2.2.2 Kibana节点配置
root@ubuntu2204test99:~/elkf# vi kibana/config/node.options
## Node command line options
## See `node --help` and `node --v8-options` for available options
## Please note you should specify one option per line
## max size of old space in megabytes
#--max-old-space-size=4096
## do not terminate process on unhandled promise rejection
--unhandled-rejections=warn
## restore < Node 16 default DNS lookup behavior
--dns-result-order=ipv4first
## enable OpenSSL 3 legacy provider
#--openssl-legacy-provider
3.查看服务启动是否正常
看Kibana是否能够正常登录
image-20251009165151504
查看logstash是否运行有异常
image-20251009171251217
