ELK学习(一) ---- ELK环境搭建

环境: windows10
Docker version 20.10.5, build 55c4c88
docker-compose version 1.29.0, build 07737305
参考: https://cloud.tencent.com/developer/article/1703928
https://blog.csdn.net/netceor/category_10760948.html 等等 ,因为好多我也找不到了

1,docker-compose.yml

version: '3.7'

services:
  elasticsearch:
    image: elasticsearch:7.6.2 
    container_name: elasticsearch
    #restart: always
    ports: 
        - 9200:9200
        - 9300:9300
    volumes:
        - type: bind
          source: /d/Repository/docker/containers/elk/elasticsearch/config/elasticsearch.yml
          target: /usr/share/elasticsearch/config/elasticsearch.yml
          read_only: true
          
    environment:
        ES_JAVA_OPTS: "-Xmx1024m -Xms1024m"
        ELASTIC_PASSWORD: Ux4HrQK9uuD3YcyM
        discovery.type: single-node
    networks:
      - elk_test

  kibana:
    image: kibana:7.6.2 
    container_name: kibana
    #restart: always
    ports: 
        - 5601:5601
    volumes:
        - type: bind
          source: /d/Repository/docker/containers/elk/kibana/config/kibana.yml
          target: /usr/share/kibana/config/kibana.yml
          read_only: true
    depends_on:
      - elasticsearch
    networks:
      - elk_test  
      
  logstash:
    image: logstash:7.5.1
    container_name: logstash
    ports:
      - 5044:5044
      - 5000:5000
      - 9600:9600
    volumes:
      - type: bind
        source: /d/Repository/docker/containers/elk/logstash/config/logstash.yml
        target: /usr/share/logstash/logstash.yml
      - type: bind
        source: /d/Repository/docker/containers/elk/logstash/pipeline/logstash.conf
        target: /usr/share/logstash/pipeline/logstash.conf
      - type: bind
        source: /d/Repository/docker/containers/elk/logstash/messages
        target: /var/log/messages 
    environment:
      LS_JAVA_OPTS: "-Xmx512m -Xms512m"  
    depends_on:
      - elasticsearch
    networks:
      - elk_test  
        
networks:
  elk_test:
    driver: bridge        

2. ELK相应的配置文件

elasticsearch配置文件

elasticsearch.yml

network.host: 0.0.0.0

kibana 配置文件
kibana.yml

server.name: kibana
server.host: 0.0.0.0
elasticsearch.hosts: [ "http://elasticsearch:9200" ]
elasticsearch.username: elasticsearch
elasticsearch.password: Ux4HrQK9uuD3YcyM

logstash 配置文件
logstash.conf

input {
    
    
        file {
    
    
            codec=> json
                path => "/var/log/messages/*.json"
        }
}
output {
    
    
  elasticsearch {
    
    
    hosts => ["elasticsearch:9200"]
    index => "logstash-system-localhost-%{+YYYY.MM.dd}"
 }
}

logstash.yml

http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: elasticsearch
xpack.monitoring.elasticsearch.password: Ux4HrQK9uuD3YcyM

以上是docker-compose.yml 文件和 ELK各个配置文件

3. 验证:
配置文件放置对应的文件夹下 然后通过docker-compose up 启动 等控制台不动了
然后在 /d/Repository/docker/containers/elk/logstash/messages 文件夹中创建 任意以json结尾的json文件

可以在控制台看到相应的变化
同时可以在kibana中看到

这说数据已经由 logstash 传输到 elasticsearch 中了

这只能说明环境搭建好了!
虽然暂时还没啥用!!!