Docker deployment ELK

surroundings

• centos 7.0 (3G memory at least, the installation package is large)
• docker 19.0
• ELK mirror sebp / elk (7.6.0 version)

Docker installation and deployment ELK

  Chose sebp / elk mirror, where there is little need to configure, docker search elk find stars up to pull down.

docker pull sebp/elk

  Corresponding first files are copied to the host which

1.创建文件夹
    mkdir /root/data/es/{conf,data}
    mkdir /root/data/logstash/config
 
2.在运行容器并且把容器里的配置cp到宿主机当中
     docker run --tid --name elk  sebp/elk
     docker cp -a elk:/opt/kibana/config/kibana.yml
     docker cp -a elk:/opt/logstash/config
 3.然后删除刚才创建的容器
      docker rm -f elk

1. Run elk

  After pull down, because the need to modify the configuration kibana, logstash and disposed so as to mount some common configuration directory to the vessel

1.命令
    docker run -tid -p 5601:5601 -p 5044:5044 -p 9200:9200 -p 9300:9300 \
     -v /root/data/es/conf/kibana.yml:/opt/kibana/config/kibana.yml \
     -v /root/data/es/data:/var/lib/elasticsearch \
     -v /root/data/logstash/config:/opt/logstash/config \
     --restart=always --name elk sebp/elk
 
2.命令解释
    -p 5601:5601 映射kibana端口
    -p 9200:9200 映射es端口
    -p 5044:5044 映射logstash端口
    -v /root/data/es/conf/kibana.yml:/opt/kibana/config/kibana.yml 挂载kibana配置文件
    -v /root/data/es/data:/var/lib/elasticsearch 挂载es数据源
    -v /root/data/logstash/config:/opt/logstash/config  挂载logstash配置
    --restart=always  自动启动

2. Configure logstash

  Logstash into the configuration folder, you will see the following configuration, examlogstash.conf is newly added profiles, pilelines.yml is the path to manage configuration files.

  Here I put the configuration file is loaded into the directory can opt not change, at the time of the /etc/logstash/conf.d/*.conf mount directory path to mount it.

  Modify the configuration, the input port may demand a custom port number provided externally, attention must be correct format, or will be error.

After configuration is complete, restart the elk at the ok

1.docker restart elk

3. 汉化 kibana

  Just find the host to mount a container file kibana.yml, adding i18n.locale inside: "zh-CN" line configuration, and then restart the next container ok.

windows client installation filebeat

  Download windows version from the official website filebeat client configuration filebeat.yml

  Logstash path configured here, as well as to crawl local directory

Run crawl log

 .\filebeat -e -c filebeat.yml

kibana arrangement

  After successfully crawl log into kibana them to create an index mode, if not crawl to the log, then look filebeat or docker whether logs for errors. Usually a configuration file syntax error.

  If successful crawl, click kibana top left of the green background of the D word. Then click on the index mode => create index mode , if there is already an index that will show you the index field, there is no index, then the system will give prompt.

  There are direct input index name index matching ok.