Setting Up an ELK Log System

1. Lab environment:

2. Upload the three images: elasticsearch, kibana, logstash862.tar

3. Load the images: elasticsearch, kibana, logstash862.tar

[root@Server10 ~]# ls
anaconda-ks.cfg  elasticsearch862.tar  kibana862.tar  logstash862.tar	
[root@Server10 ~]# docker load < elasticsearch862.tar   # load the elasticsearch image
d543b8cad89e: Loading layer  75.16MB/75.16MB
ed47baea0901: Loading layer  20.54MB/20.54MB
4e3be8ee5b1b: Loading layer  350.2kB/350.2kB
5f70bf18a086: Loading layer  1.024kB/1.024kB
3287087ae274: Loading layer  1.196GB/1.196GB
61017983c96a: Loading layer  26.62kB/26.62kB
60de94a98beb: Loading layer  6.656kB/6.656kB
ad7d2307e777: Loading layer  521.7kB/521.7kB
9d38946fce9a: Loading layer  3.584kB/3.584kB
f1d9410236fe: Loading layer  146.4kB/146.4kB
Loaded image: elasticsearch:8.6.2						
[root@Server10 ~]# docker load < kibana862.tar   # load the kibana image
99303449edb4: Loading layer  26.52MB/26.52MB
9ac577d2bdec: Loading layer  26.62kB/26.62kB
42595c3181d3: Loading layer  3.072kB/3.072kB
ec1493750028: Loading layer  20.34MB/20.34MB
5f70bf18a086: Loading layer  1.024kB/1.024kB
d2d1ffd28f75: Loading layer  35.33kB/35.33kB
7d6cfc2ab4ac: Loading layer  641.9MB/641.9MB
8b591826af94: Loading layer  2.048kB/2.048kB
df575e320097: Loading layer  4.096kB/4.096kB
8f024be44f43: Loading layer  19.97kB/19.97kB
2501ac3b7b49: Loading layer  4.096kB/4.096kB
759529bdb06c: Loading layer  510.5kB/510.5kB
908b9e800975: Loading layer  341.5kB/341.5kB
Loaded image: kibana:8.6.2
[root@Server10 ~]# docker load < logstash862.tar   # load the logstash862.tar image
8679120a621c: Loading layer  78.75MB/78.75MB
cfd7d07e15c4: Loading layer  341.5kB/341.5kB
f47d198a4226: Loading layer  588.6MB/588.6MB
5f70bf18a086: Loading layer  1.024kB/1.024kB
39365a72adc8: Loading layer  4.096kB/4.096kB
361eda3b69da: Loading layer  4.096kB/4.096kB
50f0bf9361b1: Loading layer  4.608kB/4.608kB
6047bef85b7e: Loading layer  4.096kB/4.096kB
3172992a7fdc: Loading layer  14.34kB/14.34kB
463f609814a8: Loading layer  3.035MB/3.035MB
372fd4637dd8: Loading layer  3.584kB/3.584kB
Loaded image: logstash:8.6.2
[root@Server10 ~]# 

4. Change to the /home directory and create the elasticsearch configuration file

[root@Server10 ~]# docker images   # list the docker images
REPOSITORY      TAG       IMAGE ID       CREATED         SIZE
nginx           1.26.0    94543a6c1aef   13 months ago   188MB
kibana          8.6.2     65e53ffb7df5   2 years ago     727MB
elasticsearch   8.6.2     04485c81cc2d   2 years ago     1.29GB
logstash        8.6.2     5bc835694772   2 years ago     732MB
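[root@Server10 ~]# cd /home/   # change to the /home directory
[root@Server10 home]# vim elasticsearch.yml   # create the elasticsearch configuration file
cluster.name: "docker-cluster"   # name of the elasticsearch cluster: docker-cluster
network.host: 0.0.0.0   # listen on all IP addresses
discovery.seed_hosts: 0.0.0.0   # cluster discovery: any host
network.bind_host: 0.0.0.0   # bind to all addresses
http.port: 9200   # HTTP port: 9200

# Enable security features
xpack.security.enabled: false   # security disabled: no authentication or access control, anyone can access the cluster

xpack.security.enrollment.enabled: false   # enrollment disabled: no enrollment tokens for joining nodes or Kibana

# Enable encryption for HTTP API client connections, such as Kibana, Logstash, and Agents
xpack.security.http.ssl:
  enabled: false   # TLS not enabled, access is over http (with encryption it would be https)


# Enable encryption and mutual authentication between cluster nodes
xpack.security.transport.ssl:
  enabled: false   # encryption between cluster nodes disabled

The elasticsearch image creates the container according to this configuration file.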
[root@Server10 home]# 
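
A check for the settings in the file above, as an added example that is not part of the original post: it reads an elasticsearch.yml on stdin and reports the values that leave the REST API reachable without authentication or TLS. The function names and the sample input are constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the original post): audit an elasticsearch.yml read on
# stdin for settings that leave the REST API reachable without auth or TLS.

# Constructed sample: the main settings from step 4 above, annotations removed.
sample_open_config() {
cat <<'EOF'
cluster.name: "docker-cluster"
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
xpack.security.http.ssl:
  enabled: false
xpack.security.transport.ssl:
  enabled: false
EOF
}

# Prints one "FINDING ..." line per problem; exit status 1 if any were found.
audit_es_config() {
  awk '
    { sub(/[ \t]*#.*$/, ""); sub(/[ \t\r]+$/, "") }   # drop comments, trailing space
    /^[ \t]*$/ { next }
    {
      nested = ($0 ~ /^[ \t]/)                        # indented: child of last top-level key
      line = $0; sub(/^[ \t]+/, "", line)
      i = index(line, ":"); if (i == 0) next
      key = substr(line, 1, i - 1); val = substr(line, i + 1)
      gsub(/^[ \t"]+|[ \t"]+$/, "", val)
      if (nested) key = parent "." key; else parent = key
      conf[key] = val
    }
    END {
      n = 0
      if (conf["xpack.security.enabled"] == "false")
        f[++n] = "xpack.security.enabled=false: no authentication or access control"
      if (conf["xpack.security.http.ssl.enabled"] == "false")
        f[++n] = "xpack.security.http.ssl.enabled=false: REST API served over plain HTTP"
      if (conf["xpack.security.transport.ssl.enabled"] == "false")
        f[++n] = "xpack.security.transport.ssl.enabled=false: node-to-node traffic unencrypted"
      if (conf["network.host"] == "0.0.0.0" && conf["xpack.security.enabled"] == "false")
        f[++n] = "network.host=0.0.0.0 with security off: open API on every interface"
      for (j = 1; j <= n; j++) print "FINDING " f[j]
      exit (n > 0)
    }
  '
}

sample_open_config | audit_es_config || true   # demo run on the constructed sample
```

Against a real file, run `audit_es_config < /home/elasticsearch.yml`; the non-zero exit status makes it usable as a gate before the container is started.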

5. Create a container from the elasticsearch image and set up the port mappings

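[root@Server10 home]# docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 -v /home/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml -e "discovery.type=single-node" elasticsearch:8.6.2
# Creates the elasticsearch container from the elasticsearch image, with the port mappings and the configuration file mapped into the container (Elasticsearch reads config/elasticsearch.yml); "discovery.type=single-node" sets the discovery type to a single node.
e6b84293deaf2d6416ce2c5c57ed0699d972bf7736157daa6a6579d5a30b43f5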

6. Test from the web

7. Create the kibana container from the kibana image and connect it to elasticsearch

[root@server11 home]# docker run -d --name kibana --link elasticsearch:elasticsearch -e "I18N_LOCALE=zh-CN" -p 5601:5601 kibana:8.6.2
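# Creates the kibana container in the background from the kibana image; --link elasticsearch sets up the connection to elasticsearch; -e "I18N_LOCALE=zh-CN" sets the Kibana interface language to Simplified Chinese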
f8146861b244cec0c61e1e7d59d4d4841d405164c78decda6ec464a10ce80da6

[root@server11 home]# docker ps   # list the running containers
CONTAINER ID   IMAGE                 COMMAND                  CREATED          STATUS          PORTS                                                                                      NAMES
f8146861b244   kibana:8.6.2          "/bin/tini -- /usr/l…"   15 seconds ago   Up 14 seconds   0.0.0.0:5601->5601/tcp, [::]:5601->5601/tcp                                                kibana
40c392841de4   elasticsearch:8.6.2   "/bin/tini -- /usr/l…"   2 minutes ago    Up 2 minutes    0.0.0.0:9200->9200/tcp, [::]:9200->9200/tcp, 0.0.0.0:9300->9300/tcp, [::]:9300->9300/tcp   elasticsearch

8. Test whether elastic was set up successfully

9. Edit the logstash configuration file

[root@server11 home]# vim logstash.yml   # edit the logstash file
input {
  stdin { }
  # Add a TCP input to logstash; the Spring Boot integration later uses it (input side)
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 5043
    codec => json_lines   # format of the incoming log data
  }
}

output {
  stdout {
    codec => rubydebug
  }
  elasticsearch {
    hosts => ["http://192.168.7.11:9200"]
    # custom index name used when writing to elasticsearch (output side)
    index => "xiaobawang-%{+YYYY.MM.dd}"   # company name followed by the date (year.month.day)
  }
}

10. Create the logstash container and set up the port mappings

[root@server11 home]# docker run -d --name logstash -p 5043:5043 -p 5044:5044 --privileged=true -v /home/logstash.yml:/usr/share/logstash/pipeline/logstash.yml logstash:8.6.2
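# Creates the logstash container from the logstash image, with the port mappings and the pipeline file mapped into the container; --privileged=true runs the container with extended privileges (grants access)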
ac8027fef164f304b5d747967d893162033b62b898b9aa51ac40a98aaae61c86
[root@server11 home]# docker ps   # list the running containers
CONTAINER ID   IMAGE                 COMMAND                  CREATED          STATUS          PORTS                                                                                      NAMES
ac8027fef164   logstash:8.6.2        "/usr/local/bin/dock…"   9 seconds ago    Up 9 seconds    0.0.0.0:5043-5044->5043-5044/tcp, [::]:5043-5044->5043-5044/tcp, 9600/tcp                  logstash
# Up: the logstash container was created successfully
f8146861b244   kibana:8.6.2          "/bin/tini -- /usr/l…"   17 minutes ago   Up 17 minutes   0.0.0.0:5601->5601/tcp, [::]:5601->5601/tcp                                                kibana
40c392841de4   elasticsearch:8.6.2   "/bin/tini -- /usr/l…"   19 minutes ago   Up 19 minutes   0.0.0.0:9200->9200/tcp, [::]:9200->9200/tcp, 0.0.0.0:9300->9300/tcp, [::]:9300->9300/tcp   elasticsearch
[root@server11 home]# 
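
The PORTS column above shows every service published on 0.0.0.0 and [::], that is, on all host interfaces. The following added example, which is not part of the original post, lists such bindings from `docker ps --format '{{.Names}}\t{{.Ports}}'` output; the function names and the sample lines are constructed from the output shown above.

```shell
#!/bin/sh
# Added example (not from the original post): list container ports that Docker
# publishes on every host interface, given "name<TAB>ports" lines on stdin.

# Constructed sample: names and PORTS columns as in the docker ps output above.
sample_ps() {
  printf '%s\t%s\n' \
    logstash '0.0.0.0:5043-5044->5043-5044/tcp, [::]:5043-5044->5043-5044/tcp, 9600/tcp' \
    kibana '0.0.0.0:5601->5601/tcp, [::]:5601->5601/tcp' \
    elasticsearch '0.0.0.0:9200->9200/tcp, [::]:9200->9200/tcp, 0.0.0.0:9300->9300/tcp, [::]:9300->9300/tcp'
}

# Prints "name host_port" for each port bound to a wildcard address.
wildcard_ports() {
  awk -F '\t' '
    {
      n = split($2, maps, /, */)
      for (i = 1; i <= n; i++) {
        m = maps[i]
        if (m !~ /->/) continue                 # exposed but not published (9600/tcp)
        bind = m; sub(/->.*/, "", bind)         # "0.0.0.0:9200", "[::]:9200" or ":::9200"
        p = bind; sub(/^.*:/, "", p)            # host port or range after the last colon
        addr = substr(bind, 1, length(bind) - length(p) - 1)
        if (addr != "0.0.0.0" && addr != "[::]" && addr != "::") continue
        if (!seen[$1, p]++) print $1, p          # report IPv4/IPv6 duplicates once
      }
    }
  '
}

sample_ps | wildcard_ports   # demo run on the constructed sample
```

On the Docker host, pipe the real output into the function: `docker ps --format '{{.Names}}\t{{.Ports}}' | wildcard_ports`. A port published as `-p 127.0.0.1:9200:9200` is bound to loopback only and is not listed.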

11. What to do when a container fails?

[root@server10 home]# docker stop 0cc6ba982c77   # what to do when a container fails: stop the logstash container
0cc6ba982c77
[root@server10 home]# docker rm 0cc6ba982c77   # remove the logstash container
0cc6ba982c77
[root@server10 home]# docker ps   # list the running containers
CONTAINER ID   IMAGE                 COMMAND                  CREATED          STATUS          PORTS                                                                                  NAMES
8daca51757ff   kibana:8.6.2          "/bin/tini -- /usr/l…"   34 minutes ago   Up 33 minutes   0.0.0.0:5601->5601/tcp, :::5601->5601/tcp                                              kibana
3ee8ad9ee6c8   elasticsearch:8.6.2   "/bin/tini -- /usr/l…"   39 minutes ago   Up 39 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 0.0.0.0:9300->9300/tcp, :::9300->9300/tcp   elasticsearch
[root@server10 home]# vim logstash.yml 
[root@server10 home]# 
[root@server10 home]#  docker run -d --name logstash -p 5043:5043 -p 5044:5044  --privileged=true -v /home/logstash.yml:/usr/share/logstash/pipeline/logstash.yml logstash:8.6.2
a98e5052db6ed9f1bcd445d7bebf12e710eb7ba741e1807f0ce556dc7ce44bc4
# the logstash container has been created again
[root@server10 home]# 
[root@server10 home]# docker ps			
CONTAINER ID   IMAGE                 COMMAND                  CREATED          STATUS          PORTS                                                                                  NAMES
a98e5052db6e   logstash:8.6.2        "/usr/local/bin/dock…"   3 seconds ago    Up 3 seconds    0.0.0.0:5043-5044->5043-5044/tcp, :::5043-5044->5043-5044/tcp, 9600/tcp                logstash
8daca51757ff   kibana:8.6.2          "/bin/tini -- /usr/l…"   34 minutes ago   Up 34 minutes   0.0.0.0:5601->5601/tcp, :::5601->5601/tcp                                              kibana
3ee8ad9ee6c8   elasticsearch:8.6.2   "/bin/tini -- /usr/l…"   40 minutes ago   Up 40 minutes   0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 0.0.0.0:9300->9300/tcp, :::9300->9300/tcp   elasticsearch
[root@server10 home]# docker exec -it a98e5052db6e bash   # enter the logstash container
logstash@a98e5052db6e:~$ /usr/share/logstash/bin/logstash-plugin install logstash-codec-json_lines   # install the plugin; its purpose: the logs that logstash collects are in JSON format
Using bundled JDK: /usr/share/logstash/jdk
Validating logstash-codec-json_lines
Resolving mixin dependencies
Updating mixin dependencies logstash-mixin-ecs_compatibility_support, logstash-mixin-event_support, logstash-mixin-validator_support
Bundler attempted to update logstash-mixin-ecs_compatibility_support but its version stayed the same
Bundler attempted to update logstash-mixin-event_support but its version stayed the same
Installing logstash-codec-json_lines
Installation successful
logstash@a98e5052db6e:~$ 


[root@server10 home]# docker restart logstash   # restart the logstash container
