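1. Install ES
1.1 Pull the ES image
```bash
docker pull elasticsearch:7.6.1
```
1.2 Create the directories to mount
```bash
mkdir -p /usr/local/docker/elk/es/data
mkdir -p /usr/local/docker/elk/es/logs
mkdir -p /usr/local/docker/elk/es/config
# a+w makes these directories world-writable so the container user can write to them
chmod a+w /usr/local/docker/elk/es/data
chmod a+w /usr/local/docker/elk/es/logs
chmod a+w /usr/local/docker/elk/es/config
```
In the `/usr/local/docker/elk/es/config` directory, create the file `elasticsearch.yml`: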
```yaml
cluster.name: my-application
network.host: 0.0.0.0
http.port: 9200
# Enable cross-origin (CORS) requests to ES
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization
xpack.security.enabled: true
xpack.security.transport.ssl.enabled: true
```
1.3 Run ES
```bash
docker run -d --name elasticsearch \
  -p 9200:9200 -p 9300:9300 \
  -v /usr/local/docker/elk/es/data:/usr/share/elasticsearch/data \
  -v /usr/local/docker/elk/es/logs:/usr/share/elasticsearch/logs \
  -v /usr/local/docker/elk/es/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
  -e "discovery.type=single-node" \
  elasticsearch:7.6.1
```
Enter the `elasticsearch` container and run the following commands.
Enter the container:
```bash
docker exec -it elasticsearch /bin/bash
```
Set the passwords. After confirming with y you can set them:
```bash
elasticsearch-setup-passwords interactive
```
![image.png](https://p9-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/0a258b87e90c4b4d9caeac9893ab4b1a~tplv-k3u1fbpfcp-watermark.awebp)
Open ES in the browser and enter the password you just set for the `elastic` user to get access.
![image.png](https://p9-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/90d69dbe0e6e4887b145e75b6cb22463~tplv-k3u1fbpfcp-watermark.awebp)
2. Install Kibana
2.1 Pull the Kibana image
```bash
docker pull kibana:7.6.1
```
2.2 Create the directory to mount
```bash
mkdir -p /usr/local/docker/elk/kibana/config
chmod a+w /usr/local/docker/elk/kibana/config
```
In the `/usr/local/docker/elk/kibana/config` directory, create the file `kibana.yml`:
```yaml
server.host: 0.0.0.0
server.port: 5601
elasticsearch.hosts: ["http://192.168.0.103:9200"]
elasticsearch.username: "kibana"
elasticsearch.password: "123456"
# Set the Kibana UI language (uncomment "zh-CN" for Chinese)
#i18n.locale: "en"
#i18n.locale: "zh-CN"
```
2.3 Run Kibana
```bash
docker run -d --name kibana \
  -p 5601:5601 \
  -v /usr/local/docker/elk/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml \
  kibana:7.6.1
```
Open Kibana and log in as the `elastic` user.
![image.png](https://p6-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/9757025e98764dabbe1bf2994c145882~tplv-k3u1fbpfcp-watermark.awebp)
![image.png](https://p1-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/8b10a89b259740a3a1144d768ee06699~tplv-k3u1fbpfcp-watermark.awebp)
3. Install Logstash
3.1 Pull the Logstash image
```bash
docker pull logstash:7.6.1
```
3.2 Create the directory to mount
```bash
mkdir -p /usr/local/docker/elk/logstash/config
chmod a+w /usr/local/docker/elk/logstash/config
```
In the `/usr/local/docker/elk/logstash/config` directory, create the file `logstash.conf`:
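```conf
input {
  # Receive events from Filebeat
  beats {
    port => 5044
  }
}
filter {
  # Split each line into timestamp, level and msg fields
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:level} %{JAVALOGMESSAGE:msg}" }
  }
  # Use the parsed timestamp as the event time
  date {
    match => ["timestamp", "yyyy-MM-dd HH:mm:ss,SSS", "ISO8601"]
    target => "@timestamp"
  }
}
output {
  # Elasticsearch runs with xpack.security.enabled: true, so each elasticsearch
  # output also needs user/password options for an account allowed to write
  # to the index.
  if "ERROR" in [message] {
    elasticsearch {
      hosts => ["192.168.0.103:9200"]
      index => "open-web-error"
      template_overwrite => true
    }
  } else {
    elasticsearch {
      hosts => ["192.168.0.103:9200"]
      index => "open-web"
      template_overwrite => true
    }
  }
}
```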
Here I use Filebeat as the input source for Logstash, and events are written to different ES indices according to the log level.
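The pipeline above routes on `"ERROR" in [message]`, a substring test on the raw line, while the text describes routing by level. The following added example (not part of the original post) models both rules in plain shell over constructed log lines; the regex is a simplified stand-in for the grok patterns and the function names are illustrative.

```sh
#!/bin/sh
# Added example (not from the original post): offline model of the routing
# in logstash.conf, run over constructed log lines.

# Simplified stand-in for %{TIMESTAMP_ISO8601} %{LOGLEVEL} %{JAVALOGMESSAGE};
# assumption: the real grok patterns accept more variants than this regex.
LINE_RE='^([0-9]{4}-[0-9]{2}-[0-9]{2}[T ][0-9]{2}:[0-9]{2}:[0-9]{2}([.,][0-9]+)?) +(TRACE|DEBUG|INFO|WARN|ERROR|FATAL) +(.*)$'

# Value the grok filter would put in [level]; empty means _grokparsefailure.
parsed_level() {
  printf '%s\n' "$1" | sed -nE "s/$LINE_RE/\\3/p"
}

# Rule used on this page: if "ERROR" in [message] (substring of the raw line).
index_by_message() {
  case "$1" in
    *ERROR*) echo open-web-error ;;
    *)       echo open-web ;;
  esac
}

# Alternative rule: if [level] == "ERROR" (the field extracted by grok).
index_by_level() {
  if [ "$(parsed_level "$1")" = "ERROR" ]; then
    echo open-web-error
  else
    echo open-web
  fi
}

# Constructed sample lines: a real error, an INFO line that merely mentions
# the word ERROR, and a stack-trace continuation line that grok cannot parse.
SAMPLE_1='2021-03-01 10:15:30,123 ERROR Failed to open connection'
SAMPLE_2='2021-03-01 10:15:31,456 INFO Retry ok, ERROR counter reset'
SAMPLE_3='    at com.example.Dao.query(Dao.java:42)'

for line in "$SAMPLE_1" "$SAMPLE_2" "$SAMPLE_3"; do
  printf '%-15s %-15s level=%-6s %s\n' \
    "$(index_by_message "$line")" "$(index_by_level "$line")" \
    "$(parsed_level "$line")" "$line"
done
```

The INFO line that mentions ERROR lands in `open-web-error` under the page's rule but in `open-web` when routing on the parsed field, and the stack-trace line fails grok and goes to `open-web` either way.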
In the `/usr/local/docker/elk/logstash/config` directory, create the file `logstash.yml`:
```yaml
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: logstash_system
xpack.monitoring.elasticsearch.password: "123456"
xpack.monitoring.elasticsearch.hosts: ["http://192.168.0.103:9200"]
```
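The three YAML files in this tutorial (`elasticsearch.yml`, `kibana.yml`, `logstash.yml`) can be linted for settings that undercut `xpack.security.enabled`. The script below is an added example, not part of the original post; the function names and finding codes are made up for illustration, and it only understands flat `key: value` lines like the ones used here.

```sh
#!/bin/sh
# Added example: lint the tutorial's YAML files for settings that weaken the
# protection xpack.security is meant to give. Handles flat "key: value" lines.

# Print the value of an uncommented top-level key (empty if absent).
yaml_get() {  # $1 = file, $2 = key
  key_re=$(printf '%s' "$2" | sed 's/\./\\./g')
  sed -n "s/^${key_re}:[[:space:]]*//p" "$1" | head -n 1 | tr -d '"\r'
}

# Print one finding code per line for the given config file.
audit_elk_config() {
  f=$1
  # Wildcard CORS origin: any site may send cross-origin requests to ES.
  [ "$(yaml_get "$f" http.cors.allow-origin)" = "*" ] && echo "CORS_WILDCARD"
  # Security on but HTTP TLS off: credentials travel to port 9200 in clear.
  if [ "$(yaml_get "$f" xpack.security.enabled)" = "true" ] &&
     [ "$(yaml_get "$f" xpack.security.http.ssl.enabled)" != "true" ]; then
    echo "HTTP_TLS_OFF"
  fi
  # Literal password in the file rather than a ${VAR} reference or keystore.
  for k in elasticsearch.password xpack.monitoring.elasticsearch.password; do
    v=$(yaml_get "$f" "$k")
    case "$v" in
      ''|'${'*) ;;
      *) echo "PLAINTEXT_PASSWORD:$k" ;;
    esac
  done
  # Elasticsearch endpoint addressed over plain HTTP.
  grep -Eq '^[a-z.]*hosts:.*http://' "$f" && echo "HTTP_ENDPOINT"
  return 0
}

# Usage: sh this_script.sh elasticsearch.yml kibana.yml logstash.yml
for cfg in "$@"; do
  echo "== $cfg"
  audit_elk_config "$cfg"
done
```

On the files from this tutorial it reports `CORS_WILDCARD` and `HTTP_TLS_OFF` for `elasticsearch.yml`, and a plaintext password plus an `http://` endpoint for both `kibana.yml` and `logstash.yml`.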
3.3 Run Logstash
```bash
docker run -it -d -p 4560:4560 -p 5044:5044 --name logstash \
  -v /usr/local/docker/elk/logstash/config/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \
  -v /usr/local/docker/elk/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml \
  logstash:7.6.1
```
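4. Download Filebeat
I run Filebeat locally to watch the log files of a Spring Boot project and send them to Logstash, which parses them and stores them in ES.
Filebeat download page
Choose the matching product and version number and download it.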
![image.png](https://p3-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/c60b95d0898b4b919bd05b98098fcbf9~tplv-k3u1fbpfcp-watermark.awebp)
4.1 Configure the `filebeat.yml` file
![image.png](https://p3-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/67c188bdf4bd4759b494bacb782b9e52~tplv-k3u1fbpfcp-watermark.awebp)
Configure the location of the log files to watch
![image.png](https://p1-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/064bb914012042f1b4edb1736a7cdc56~tplv-k3u1fbpfcp-watermark.awebp)
Configure the Logstash address
![image.png](https://p3-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/2f258ebfe2ca43aea91407902cfa61b0~tplv-k3u1fbpfcp-watermark.awebp)
4.2 Start Filebeat
```powershell
.\filebeat.exe -e -c .\filebeat.yml
```
![image.png](https://p3-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/02868ed041184b5fb966ea2cfd75e2ca~tplv-k3u1fbpfcp-watermark.awebp)
Start the Spring Boot project so that it produces log files.
5. Open Kibana and view the logs
Click Management
![image.png](https://p9-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/60d74db7c8d8448a8c1a6083c53214f8~tplv-k3u1fbpfcp-watermark.awebp)
Click Index Patterns, then click Create Index Pattern
![image.png](https://p3-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/723d07ddc7ee4aed98ef0d96ef3e646e~tplv-k3u1fbpfcp-watermark.awebp)
Select the index you want to view and click Next Step
![image.png](https://p9-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/35ad9ed5bc924cf8baf8f336e76a1db5~tplv-k3u1fbpfcp-watermark.awebp)
When you have finished selecting, click Create Index Pattern
![image.png](https://p6-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/ebb015fdb15d42f69f393c4841e2c973~tplv-k3u1fbpfcp-watermark.awebp)
View the log entries; you can search on the relevant fields in the search bar
![image.png](https://p1-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/90c9c085d45142bdb1040ae38e2c9e69~tplv-k3u1fbpfcp-watermark.awebp)
If you are not used to the time format shown here, it can be changed
![image.png](https://p6-juejin.byteimg.com/tos-cn-i-k3u1fbpfcp/0621f34c30954029a24fb9f61de0edf2~tplv-k3u1fbpfcp-watermark.awebp)
For the exact settings, see:
Setting the time format in Kibana