docker-compose run ELK

docker-compose run ELK

1. 新增 elasticsearch 持久層資料夾

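# Create the host directories that back the two Elasticsearch data volumes,
# then stage the Logstash files under /data/logstash.
#
# The steps are chained with && so each one runs only after the previous one
# succeeded. The original used a single &, which sends the mkdir calls to the
# background and starts cp without waiting for them or checking their result.
#
# Mode 777 let every local account read, change or delete the index data.
# Group access for the container's group is enough: the Elasticsearch image is
# expected to run as uid/gid 1000 -- confirm this for the image tag you deploy.
mkdir -p /data/elasticsearch /data/elasticsearch2 \
  && chgrp 1000 /data/elasticsearch /data/elasticsearch2 \
  && chmod g+rwx /data/elasticsearch /data/elasticsearch2 \
  && cp -r logstash /data/logstash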

logstash.conf

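# Logstash pipeline: read the log files from the mounted directory, split each
# line into fields with grok, and index the events into Elasticsearch.

input {
  # The published listing started at "file {" and left the closing brace of
  # this section unmatched; the opening "input {" line is restored here.
  file {
    # Every file in this directory is ingested, whatever its name. The compose
    # file maps it to /tmp/Log on the host, so whoever can write there controls
    # what ends up in the index.
    path => "/usr/share/logstash/Log/*"
    type => "file"
    # Read existing files from their first line instead of only new lines.
    start_position => "beginning"
  }
}

filter {
  grok {
    # Expected line layout: <ISO8601 timestamp> <thread id> <level> <logger> <text>.
    # The timestamp is captured under [@metadata], which Logstash does not send
    # to outputs, so the indexed @timestamp is the ingestion time rather than
    # the time written in the log line. Lines that do not match are still
    # indexed, tagged _grokparsefailure.
    match => ["message", "%{TIMESTAMP_ISO8601:[@metadata][timestamp]} %{NUMBER:threadid} %{LOGLEVEL:loglevel} %{NOTSPACE:logger} %{GREEDYDATA:message}"]
    # Replace the raw line with the trailing text captured as "message".
    overwrite => [ "message" ]
  }
}

output {
  elasticsearch {
    # Plain HTTP with no credentials, matching a cluster that has no
    # authentication configured; add user/password and TLS settings here once
    # the cluster is secured.
    hosts => ["elasticsearch:9200"]
    index => "logstash-test"
  }
  # Debug aid: prints every parsed event to the container's stdout, so the full
  # log content is also kept in the Docker logs. Remove once the pipeline works.
  stdout { codec => rubydebug }
}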

docker-compose.yaml

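# Two-node Elasticsearch cluster with Kibana and Logstash on one private
# network.
#
# Nothing in this file configures authentication or TLS, so anyone who can
# reach port 9200 or 5601 can read and modify every index. Both published
# ports are therefore bound to the loopback address; to reach them from
# another machine, put an authenticating reverse proxy or an SSH tunnel in
# front rather than publishing them on all interfaces.
#
# The 6.7.0 images are long out of maintenance; pin a currently supported
# release for anything beyond a local test.
version: '3.2'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.7.0
    container_name: elasticsearch
    environment:
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    # bootstrap.memory_lock needs an unlimited memlock limit.
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /data/elasticsearch:/usr/share/elasticsearch/data
    ports:
      # Loopback only (was 9200:9200, which listens on every host interface).
      - "127.0.0.1:9200:9200"
    networks:
      - esnet
  elasticsearch2:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.7.0
    container_name: elasticsearch2
    environment:
      - cluster.name=docker-cluster
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
      # Joins the cluster by contacting the first node over esnet.
      - "discovery.zen.ping.unicast.hosts=elasticsearch"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /data/elasticsearch2:/usr/share/elasticsearch/data
    # No ports published: this node is reachable only from inside esnet.
    networks:
      - esnet
    restart: always
  kibana:
    image: docker.elastic.co/kibana/kibana:6.7.0
    container_name: kibana
    ports:
      # Loopback only (was 5601:5601); Kibana here has no login of its own.
      - "127.0.0.1:5601:5601"
    restart: always
    networks:
      - esnet
  logstash:
    image: docker.elastic.co/logstash/logstash:6.7.0
    container_name: logstash
    volumes:
      # Logstash only reads these paths, so both are mounted read-only.
      # /tmp is writable by every local account: any file dropped into
      # /tmp/Log is ingested. Prefer a directory owned by the application
      # that writes the logs.
      - /tmp/Log/:/usr/share/logstash/Log:ro
      - /data/logstash/pipeline:/usr/share/logstash/pipeline/:ro
    restart: always
    networks:
      - esnet
networks:
  esnet: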

2. docker-compose

全部啟動

# Create and start every service in docker-compose.yaml; -d runs them detached
# (in the background).
docker-compose up -d

全部關閉

# Stop and remove the containers and the esnet network. The bind-mounted
# directories under /data are host paths and are left in place.
docker-compose  down

#參考