快速使用docker搭建ELK日志分析系统

ELK日志分析

ElasticSearch+Logstash+Kibana

1.下载docker镜像

docker pull elasticsearch:5.6.11
docker pull kibana:5.6.11
docker pull logstash:5.6.15

2.创建ElasticSearch实例

#创建外部映射目录
mkdir -p /mydata/elasticsearch/config
mkdir -p /mydata/elasticsearch/data
#配置允许访问的ip地址
echo "http.host: 0.0.0.0" >> /mydata/elasticsearch/config/elasticsearch.yml
#启动docker镜像
docker run --name elasticsearch -p 9200:9200 -p 9300:9300 \
-e "discovery.type=single-node" \
-e ES_JAVA_OPTS="-Xms256m -Xmx256m" \
-v /mydata/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
-v /mydata/elasticsearch/data:/usr/share/elasticsearch/data -d elasticsearch:5.6.11

#特别注意：
#-e ES_JAVA_OPTS="-Xms256m -Xmx256m" \ 测试环境下，设置ES的初始内存和最大内存，否则导致过大启动不了ES

3.创建kibana实例

#启动kibana镜像，配置好es的ip和端口号，可以直接访问5601端口登陆可视化界面
docker run --name kibana -e ELASTICSEARCH_URL=http://192.168.214.131:9200 -p 5601:5601 \
-d kibana:5.6.11

4.创建Logstash实例

• 首先在mydata/logstash中创建logstash.conf文件

• 文件内容

  input {
      tcp {
          port => 4560
          codec => json_lines
      }
  }
  output{
    elasticsearch { 
  	hosts => ["192.168.159.130:9200"] 
  	index => "applog"
  	}
    stdout { codec => rubydebug }
  }
  

  注意：hosts一定不要写127或者localhost；这样docker容器内部127没有es实例，连不上

• 启动docker容器

  docker run -d -p 4560:4560 \
  -v /mydata/logstash/logstash.conf:/etc/logstash.conf \
  --link elasticsearch:elasticsearch \
  --name logstash logstash:5.6.15 \
  logstash -f /etc/logstash.conf
  

5.在项目中配置xml文件并导入相关maven依赖

• 导入maven依赖

  <dependency>
      <groupId>net.logstash.logback</groupId>
      <artifactId>logstash-logback-encoder</artifactId>
      <version>5.3</version>
  </dependency>
  

• 创建logback-spring.xml文件

  <?xml version="1.0" encoding="UTF-8"?>
  <!DOCTYPE configuration>
  <configuration>
      <include resource="org/springframework/boot/logging/logback/defaults.xml"/>
      <include resource="org/springframework/boot/logging/logback/console-appender.xml"/>
      <!--应用名称-->
      <property name="APP_NAME" value="mall-admin"/>
      <!--日志文件保存路径-->
      <property name="LOG_FILE_PATH" value="${LOG_FILE:-${LOG_PATH:-${LOG_TEMP:-${java.io.tmpdir:-/tmp}}}/logs}"/>
      <contextName>${APP_NAME}</contextName>
      <!--每天记录日志到文件appender-->
      <appender name="FILE" class="ch.qos.logback.core.rolling.RollingFileAppender">
          <rollingPolicy class="ch.qos.logback.core.rolling.TimeBasedRollingPolicy">
              <fileNamePattern>${LOG_FILE_PATH}/${APP_NAME}-%d{yyyy-MM-dd}.log</fileNamePattern>
              <maxHistory>30</maxHistory>
          </rollingPolicy>
          <encoder>
              <pattern>${FILE_LOG_PATTERN}</pattern>
          </encoder>
      </appender>
      <!--输出到logstash的appender-->
      <appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
          <destination>192.168.214.131:4560</destination>
          <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder"/>
      </appender>
      <root level="DEBUG">
          <appender-ref ref="CONSOLE"/>
          <appender-ref ref="FILE"/>
          <appender-ref ref="LOGSTASH"/>
      </root>
  </configuration>
  
  

6.在kibana中创建相关索引即可