1.Docker命令安装
Elasticsearch安装
- 下载Elasticsearch
7.6.2的docker镜像:
docker pull elasticsearch:7.6.2- 修改虚拟内存区域大小,否则会因为过小而无法启动:
# 改变设置
sysctl -w vm.max_map_count=262144
# 使之立即生效
sysctl -p- 使用如下命令启动Elasticsearch服务:
docker run -p 9200:9200 -p 9300:9300 --name elasticsearch \
-e "discovery.type=single-node" \
-e "cluster.name=elasticsearch" \
-v /mydata/elasticsearch/plugins:/usr/share/elasticsearch/plugins \
-v /mydata/elasticsearch/data:/usr/share/elasticsearch/data \
-d elasticsearch:7.6.2- 启动时会发现
/usr/share/elasticsearch/data目录没有访问权限,只需要修改/mydata/elasticsearch/data目录的权限,再重新启动即可;
chmod 777 /mydata/elasticsearch/data/- 安装中文分词器IKAnalyzer,并重新启动:
docker exec -it elasticsearch /bin/bash
#此命令需要在容器中运行
elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.6.2/elasticsearch-analysis-ik-7.6.2.zip
docker restart elasticsearch- 开启防火墙:
firewall-cmd --zone=public --add-port=9200/tcp --permanent
firewall-cmd --reload- 访问会返回版本信息:http://192.168.3.101:9200
Logstash安装
- 下载Logstash
7.6.2的docker镜像:
docker pull logstash:7.6.2- 修改Logstash的配置文件
logstash.conf中output节点下的Elasticsearch连接地址为es:9200。
input {
tcp {
mode => "server"
host => "0.0.0.0"
port => 4560
codec => json_lines
type => "debug"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4561
codec => json_lines
type => "error"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4562
codec => json_lines
type => "business"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4563
codec => json_lines
type => "record"
}
}
filter{
if [type] == "record" {
mutate {
remove_field => "port"
remove_field => "host"
remove_field => "@version"
}
json {
source => "message"
remove_field => ["message"]
}
}
}
output {
elasticsearch {
hosts => "es:9200"
index => "mall-%{type}-%{+YYYY.MM.dd}"
}
}- 创建
/mydata/logstash目录,并将Logstash的配置文件logstash.conf拷贝到该目录;
mkdir /mydata/logstash- 使用如下命令启动Logstash服务;
docker run --name logstash -p 4560:4560 -p 4561:4561 -p 4562:4562 -p 4563:4563 \
--link elasticsearch:es \
-v /mydata/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \
-d logstash:7.6.2- 进入容器内部,安装
json_lines插件。
logstash-plugin install logstash-codec-json_linesKibana安装
- 下载Kibana
7.6.2的docker镜像:
docker pull kibana:7.6.2- 使用如下命令启动Kibana服务:
docker run --name kibana -p 5601:5601 \
--link elasticsearch:es \
-e "elasticsearch.hosts=http://es:9200" \
-d kibana:7.6.2- 开启防火墙:
firewall-cmd --zone=public --add-port=5601/tcp --permanent
firewall-cmd --reload- 访问地址进行测试:http://192.168.3.101:5601
2.Docker Compose安装
- Es需要设置系统内核参数,否则会因为内存不足无法启动;
# 改变设置
sysctl -w vm.max_map_count=262144
# 使之立即生效
sysctl -p- 需要创建
/mydata/elasticsearch/data目录并设置权限,否则会因为无权限访问而启动失败。
# 创建目录
mkdir /mydata/elasticsearch/data/
mkdir /mydata/elasticsearch/plugins
# 创建并改变该目录权限
chmod 777 /mydata/elasticsearch/data
chmod 777 /mydata/elasticsearch/plugins- 修改Logstash的配置文件
logstash.conf中output节点下的Elasticsearch连接地址为es:9200。
input {
tcp {
mode => "server"
host => "0.0.0.0"
port => 4560
codec => json_lines
type => "debug"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4561
codec => json_lines
type => "error"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4562
codec => json_lines
type => "business"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4563
codec => json_lines
type => "record"
}
}
filter{
if [type] == "record" {
mutate {
remove_field => "port"
remove_field => "host"
remove_field => "@version"
}
json {
source => "message"
remove_field => ["message"]
}
}
}
output {
elasticsearch {
hosts => "es:9200"
index => "mall-%{type}-%{+YYYY.MM.dd}"
}
}- 创建
/mydata/logstash目录,并将Logstash的配置文件logstash.conf拷贝到该目录。
mkdir /mydata/logstash- 创建elk-compose.yml文件
version: '3'
services:
elasticsearch:
image: elasticsearch:7.6.2
container_name: elasticsearch
environment:
- "cluster.name=elasticsearch" #设置集群名称为elasticsearch
- "discovery.type=single-node" #以单一节点模式启动
- "ES_JAVA_OPTS=-Xms512m -Xmx512m" #设置使用jvm内存大小
volumes:
- /mydata/elasticsearch/plugins:/usr/share/elasticsearch/plugins #插件文件挂载
- /mydata/elasticsearch/data:/usr/share/elasticsearch/data #数据文件挂载
ports:
- 9200:9200
- 9300:9300
logstash:
image: logstash:7.6.2
container_name: logstash
environment:
- TZ=Asia/Shanghai
volumes:
- /mydata/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf #挂载logstash的配置文件
depends_on: #一键部署时,添加该配置
- elasticsearch #logstash在elasticsearch启动之后再启动
links:
- elasticsearch:es #可以用es这个域名访问elasticsearch服务
ports:
- 4560:4560
- 4561:4561
- 4562:4562
- 4563:4563
kibana:
image: kibana:7.6.2
container_name: kibana
ports:
- 5601:5601
links:
- elasticsearch:es #可以用es这个域名访问elasticsearch服务
depends_on:
- elasticsearch #kibana在elasticsearch启动之后再启动
environment:
- "elasticsearch.hosts=http://es:9200" #设置访问elasticsearch的地址- 执行命令
docker-compose -f elk-compose.yml up -dElasticsearch
需要安装中文分词器IKAnalyzer,并重新启动。
docker exec -it elasticsearch /bin/bash
#此命令需要在容器中运行
elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v6.4.0/elasticsearch-analysis-ik-6.4.0.zip
docker restart elasticsearchlogstash安装
需要安装
json_lines插件,并重新启动。
docker exec -it logstash /bin/bash
logstash-plugin install logstash-codec-json_lines
docker restart logstash本博客所有文章除特别声明外,均采用 CC BY-SA 4.0 协议 ,转载请注明出处!