一、目录结构
/srv/elk
├── es
│   ├── config
│   ├── data
│   │   └── nodes
│   └── logs
│       ├── gc.log
│       ├── gc.log.00
│       ├── gc.log.01
│       ├── gc.log.02
│       ├── gc.log.03
│       └── gc.log.04
├── kibana
│   └── kibana.yml
└── logstash
    ├── config
    │   ├── logstash.yml
    │   └── pipelines.yml
    └── pipeline
        └── logstash_dev.conf
二、创建配置
# Create the on-host directories used by the stack. The compose file on this
# page bind-mounts es/data, es/logs, logstash/config and logstash/pipeline;
# es/config and kibana are created for the files placed there but are not
# mounted by the compose file as written.
# NOTE(review): the official elasticsearch image runs as uid 1000 — if these
# directories are created by root, ES may be unable to write to es/data and
# es/logs; chown them to 1000 on the host if that happens (confirm on your host).
for elk_dir in \
  /srv/elk/es/config \
  /srv/elk/es/data \
  /srv/elk/es/logs \
  /srv/elk/kibana \
  /srv/elk/logstash/config \
  /srv/elk/logstash/pipeline
do
  # -p: create missing parents and do not fail if the directory already exists
  mkdir -p "$elk_dir"
done
kibana.yml
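# Kibana settings (intended location on the host: /srv/elk/kibana/kibana.yml).
# NOTE(review): the compose file on this page does not bind-mount this file into
# the kibana container; there Kibana is configured through the SERVER_NAME,
# SERVER_HOST and ELASTICSEARCH_* environment variables instead. Mount it to
# /usr/share/kibana/config/kibana.yml if the values below are meant to apply.
# With xpack.security enabled on Elasticsearch, Kibana also needs
# elasticsearch.username / elasticsearch.password (or the equivalent
# environment variables) — this file does not set them.
# Fixed: the key was written as "erver.name", which Kibana 7.x treats as an
# unknown setting instead of the server name.
server.name: kibana
# "0" is what the Kibana Docker image's own default config uses; "0.0.0.0" is the
# documented form for "listen on all IPv4 addresses". Quoted so it stays a string.
server.host: "0"
elasticsearch.hosts: ["elasticsearch:9200"]
xpack.monitoring.ui.container.elasticsearch.enabled: true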
logstash.yml
# Logstash node settings (intended location: /srv/elk/logstash/config/logstash.yml).
# NOTE(review): the compose file bind-mounts the whole /srv/elk/logstash/config
# directory over /usr/share/logstash/config, which hides the files the image
# ships there (its own logstash.yml, jvm.options, log4j2.properties); only what
# is placed in the host directory is visible to Logstash — confirm nothing else
# is needed. This file also sets no http.host, so the Logstash API presumably
# keeps its 127.0.0.1 default inside the container and the published 9600 port
# may not be reachable from the host — verify before relying on it.
config:
  reload:
    # re-read pipeline files when they change, without restarting the process
    automatic: true
    # how often to look for changes
    interval: 3s

xpack:
  management:
    # no centralized pipeline management from Elasticsearch
    enabled: false
  monitoring:
    # no Logstash self-monitoring shipped to Elasticsearch
    enabled: false
pipelines.yml
# Pipeline registry (intended location: /srv/elk/logstash/config/pipelines.yml).
# A single pipeline, loaded from the container path where the compose file
# mounts /srv/elk/logstash/pipeline.
- pipeline.id: logstash_dev
  path.config: "/usr/share/logstash/pipeline/logstash_dev.conf"
logstash_dev.conf
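# Pipeline: Beats -> Apache combined-log parsing -> Elasticsearch.
# Intended location: /srv/elk/logstash/pipeline/logstash_dev.conf, which the
# compose file mounts under /usr/share/logstash/pipeline.
input {
  beats {
    # The compose file publishes host port 5044 for this service. The original
    # listened on 9900, which nothing publishes, so no Beats agent outside the
    # container could ever reach it.
    port => 5044
  }
}

filter {
  grok {
    # Legacy (non-ECS) COMBINEDAPACHELOG, the default in 7.x, yields the fields
    # used below: clientip, bytes, timestamp and agent (the user-agent string).
    match => { "message" => "%{COMBINEDAPACHELOG}" }
  }
  mutate {
    # grok captures everything as strings; bytes is wanted as a number
    convert => {
      "bytes" => "integer"
    }
  }
  geoip {
    source => "clientip"
  }
  useragent {
    # Read the field grok actually produces. The original read "user_agent",
    # which the pattern above never sets, so user-agent parsing silently
    # produced nothing.
    source => "agent"
    target => "useragent"
  }
  date {
    # Apache access-log time format, e.g. 10/Oct/2000:13:55:36 -0700;
    # the parsed value becomes @timestamp (the filter's default target).
    match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
  }
}

output {
  # Echoes every event to the container log; handy for a proof of concept,
  # noisy (and a copy of the log data) in anything longer-lived.
  stdout { }
  elasticsearch {
    hosts => ["elasticsearch:9200"]
    index => "logstash-poc"
    # xpack.security is enabled on the ES service, so an unauthenticated output
    # is rejected with 401. The compose file already passes these two variables
    # to the container; they are not applied automatically and must be
    # referenced here explicitly.
    user     => "${ELASTICSEARCH_USERNAME}"
    password => "${ELASTICSEARCH_PASSWORD}"
  }
}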
elk.yml
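# Single-node ELK stack (this page names the file elk.yml).
# NOTE(review): docker-compose reads docker-compose.yml by default; with this
# file name, run `docker-compose -f elk.yml ...`, or rename the file.
# The images come from a mirror of docker.elastic.co; pin them by digest if
# provenance of the pulled image matters to you.
version: '3.8'

services:
  elasticsearch:
    image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.elastic.co/elasticsearch/elasticsearch:7.9.3
    container_name: elasticsearch
    environment:
      - discovery.type=single-node
      - bootstrap.memory_lock=true
      # ===== security / authentication enabled =====
      - xpack.security.enabled=true
      # Transport TLS off is tolerable for a single node only; it is required as
      # soon as a second node joins the cluster.
      - xpack.security.transport.ssl.enabled=false
      # Bootstrap password of the built-in "elastic" user. Taken from the shell
      # or from a .env file next to this file (compose reads .env automatically)
      # so the secret is not committed with the config and is defined in one
      # place for all three services. The original page used the literal 123456
      # here; the :? form makes compose fail fast instead of starting with an
      # empty password when the variable is missing.
      - ELASTIC_PASSWORD=${ELASTIC_PASSWORD:?set ELASTIC_PASSWORD in .env or the shell}
      - ES_JAVA_OPTS=-Xms1g -Xmx1g
    ulimits:
      memlock:
        soft: -1
        hard: -1
    ports:
      # host 9201 -> container 9200. This page only uses it from the host itself
      # (curl localhost:9201); write "127.0.0.1:9201:9200" to keep the REST API
      # off the other host interfaces.
      - "9201:9200"
    volumes:
      - /srv/elk/es/data:/usr/share/elasticsearch/data
      - /srv/elk/es/logs:/usr/share/elasticsearch/logs
    restart: unless-stopped

  logstash:
    image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.elastic.co/logstash/logstash:7.9.3
    container_name: logstash
    environment:
      - LS_JAVA_OPTS=-Xms512m -Xmx512m
      # Credentials for reaching ES as the "elastic" user. These three are not
      # logstash.yml settings: they are only visible to pipeline files as
      # ${ELASTICSEARCH_USERNAME} / ${ELASTICSEARCH_PASSWORD} and take effect
      # only where a pipeline references them. "elastic" is the superuser; a
      # dedicated user with write access to the target index is the
      # least-privilege choice for an output.
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=${ELASTIC_PASSWORD:?set ELASTIC_PASSWORD in .env or the shell}
    ports:
      # Beats input. Must match the beats `port` in logstash_dev.conf — the
      # pipeline on this page listens on 9900, which is not published here.
      - "5044:5044"
      # Logstash monitoring API (unauthenticated); see the http.host note in logstash.yml.
      - "9600:9600"
    volumes:
      - /srv/elk/logstash/pipeline:/usr/share/logstash/pipeline
      # Replaces the image's whole config directory with the host one.
      - /srv/elk/logstash/config:/usr/share/logstash/config
    depends_on:
      # orders container start only; ES is not necessarily ready when Logstash
      # starts, and Logstash keeps retrying its ES connections meanwhile
      - elasticsearch
    restart: unless-stopped

  kibana:
    image: swr.cn-north-4.myhuaweicloud.com/ddn-k8s/docker.elastic.co/kibana/kibana:7.9.3
    container_name: kibana
    ports:
      - "5601:5601"
    environment:
      - SERVER_NAME=kibana
      - SERVER_HOST=0.0.0.0
      # Account Kibana uses for ES. /srv/elk/kibana/kibana.yml is not mounted
      # here, so these variables are Kibana's whole configuration. "elastic" is
      # the superuser; the kibana_system account, whose password is set in
      # step 三, is the least-privilege choice for Kibana.
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
      - ELASTICSEARCH_USERNAME=elastic
      - ELASTICSEARCH_PASSWORD=${ELASTIC_PASSWORD:?set ELASTIC_PASSWORD in .env or the shell}
    depends_on:
      - elasticsearch
    restart: unless-stopped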
三、第一次启动 & 设置密码
#1. Start ES (start only ES first: the other services need its password)
docker-compose up -d elasticsearch
# NOTE(review): docker-compose reads docker-compose.yml by default; if the file
# is kept as elk.yml, run `docker-compose -f elk.yml up -d elasticsearch`.
#2. Enter the container and initialise the passwords
docker exec -it elasticsearch bash
# You will be asked to set a password for these accounts (**write them down**):
# elastic
# kibana_system
# logstash_system
# (the tool also prompts for the other built-in users)
# Runs inside the container. It authenticates with the ELASTIC_PASSWORD
# bootstrap value and then replaces the elastic password, so elk.yml must be
# updated with the new value before the remaining services start (step 四).
# It can only be run once; later changes go through the change-password API.
bin/elasticsearch-setup-passwords interactive
四、修改elk.yml文件中elasticsearch的访问密码,启动全套 ELK
# Start the remaining services (Logstash, Kibana) once the elastic password in
# elk.yml matches the one chosen in step 三; add `-f elk.yml` if the file is
# not named docker-compose.yml.
docker-compose up -d
五、验证
# Elasticsearch (authentication is mandatory now): curl prompts for the
# elastic user's password rather than taking it on the command line, which
# keeps it out of the shell history.
curl --user elastic http://localhost:9201
# Kibana
浏览器访问:http://宿主机IP:5601
# 能看到 Kibana UI,说明全链路 OK