elk container Practice (Nginx log statistics)

1, running on the management machine
Docker Swarm --advertise the init-addr 192.168.204.135

2, operation (to join the cluster) on the node computer
Docker Swarm the Join \
--token SWMTKN-1-48w6yubnwxpbboqo296es90r7snmru0q2dnwmthq1i7a6qlom9-8xuklnbfys5vdcx3pkyf4u3ha \
192.168.204.135:2377

. 3, in run (Nginx cluster) on the management machine
Docker nginx---name the Create Web Service \
--mount of the type = the bind, Source = / root / nginx / the WWW, Where do you want = / usr / report this content share / nginx / HTML \
--mount the bind of the type = , Source = / the root / Nginx / logs, Where do you want = / var / log / Nginx \
--mount the bind type =, = Source / etc / localtime, Where do you want = / etc / localtime \
--replicas 2 --publish 10080: 80 nginx: latest
Remark: the host and the container has a catalog correspondence between the

4, open the page in a browser to view the effect of


5, download elk image
Docker pull sebp / elk
6, running elk
docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -v /root/nginx/logs:/data -it -d --name elk-guodong sebp/elk
7、配制logstash
input {
file {
path => "/data/access.log"
start_position => "beginning"
}
}i
nput {
file {
path => "/data/access-201900000002.log "
start_position => "beginning"
}
}f
ilter{ grok {
match => { "message" => "%{IPORHOST:clientip} - - [%{HTTPDATE:timestamp}]
\"(?:%{WORD:verb} %{NOTSPACE:request}(?:
HTTP/%{NUMBER:httpversion})?|%{DATA:rawrequest})\" %{NUMBER:response}
(?:%{NUMBER:bytes}) %{QS:referrer} %{QS:agent}" }
}
}
output {
elasticsearch {
= the hosts> [ "192.168.204.135:9200"]
}
stdout = {CODEC> rubydebug}
}
. 8, starting logstash (running into the container)
/ opt / logstash / bin / logstash --path.data / the root / -f / Data /config/logstash.conf
9, review and preparation
http://192.168.204.135:5601/app/kibana#/management/kibana/index?_g = ()
10, can create an index discover interface
11, in visualize interface visualization (e.g., drawing icons, etc.)
12, the effect of