基于Docker快速搭建ELK的方法
ãæè¦ã æ¬æåºäºèªå»ºçDockerå¹³å°éæ建ä¸å¥å®æ´çELKç³»ç»ï¼ç¸å³çéåç´æ¥ä»Docker Hubä¸è·åï¼å¯ä»¥å¿«éå®ç°æ¥å¿çééååææ£ç´¢ã
åå¤éå
- è·åESéåï¼docker pull elasticsearch:latest
- è·åkibanaéåï¼docker pull kibana:latest
- è·ålogstashéåï¼docker pull logstash:latest
å¯å¨Elasticsearch
å®æ¹éåéé¢ESçéç½®æ件ä¿åå¨/usr/share/elasticsearch/configï¼å¦ææéè¦å¯ä»¥å°è¯¥ç®å½æ å°å°å®¿ä¸»æºä¸ï¼æ°æ®æ件ç®å½/usr/share/elasticsearch/dataï¼è¿éæ们ææ°æ®ç®å½æ å°åºæ¥ï¼å®¹å¨é»è®¤å¯¹å¤æä¾9200端å£ï¼ç¨ä½API交äºã
docker run --name elasticsearch \ -v "$PWD/esdata":/usr/share/elasticsearch/data \ -p 9200:9200 \ -d elasticsearch
容å¨å¯å¨ä»¥åå¯ä»¥è°ç¨ä¸æéªè¯ä¸ä¸:
å¯å¨Kibana
Kibanaä½ä¸ºESæä½çUIï¼éè¦è·ES容å¨éä¿¡ï¼æ以è¿éè¦å°ESç容å¨linkä¸ä¸ï¼å¯¹å¤æä¾5601端å£å页é¢äº¤äºã
docker run --name kibana \ --link elasticsearch:elasticsearch \ -p 5601:5601 \ -d kibana
容å¨å¯å¨åç¨æµè§å¨è®¿é®5601端å£ï¼å¯ä»¥çå°kibana页é¢ï¼é¦æ¬¡è®¿é®çæ¶åå¯è½ä¼æ示没æ建ç«é»è®¤ç´¢å¼ï¼è¿ééè¦å¨ç®¡ç页é¢ä¸å建ä¸ä¸ªé»è®¤ç´¢å¼ãé»è®¤ç´¢å¼é常å«ålogstash-*ï¼å¦ä¸å¾æ示å建ä¸ä¸ªé»è®¤ç´¢å¼ã
å¯å¨Logstash
Logstash主è¦ä½ç¨æ¯æ¶éæ¥å¿ï¼è¿ä¸ªç»ä»¶æå¾å¤æ件ï¼å¯ä»¥æ¯æ大é¨åæ¥å¿éææ¹å¼ï¼å¦tcpãudpãjdbcãæ件ãéåçï¼ä»çéç½®é常ç®åï¼å¯å¨æ¹å¼ä¹å¾ç®åï¼è¿é以nginxç访é®æ¥å¿ä¸ºä¾ï¼æ们éç½®logstash读ånginxçaccess.logï¼ç¶åææ¥å¿è½¬åå°Elasticsearch
é¦åç¼è¯ä¸ä¸ªlogstashéç½®æ件logstash.confï¼å容å¦ä¸ï¼
input{
file{
path=>"/tmp/nginx/logs/access.log"
}
}output{
stdout{ } #æ¥å¿è¾åºå°æ§å¶å°
#è¾åºå°es
elasticsearch{
hosts=>"100.100.x.231"
}
}å¯å¨å®¹å¨ï¼è¿éæ们ænginxçæ¥å¿æ¾å¨/tmp/nginx/logs/access.logï¼ä¸ºäºè®©å®¹å¨è½è¯»å°è¿ä¸ªæ¥å¿ï¼éè¦ææ¥å¿ç®å½æ å°å°å®¹å¨éé¢ã
docker run Cit Crm -v /tmp/nginx/logs/access.log:/tmp/nginx/logs/access.log -f /config-dir/logstash.conf
æ¥ä¸æ¥æ们å¯ä»¥å¨æµç¨æµè¯ä¸ä¸æ¥å¿æ¶éå±ç¤ºçè¿ç¨ãé¦åå¨nginxéé¢é ç¹è®¿é®æ¥å¿ï¼æ¯å¦ç´æ¥curlè°nginxæå¡ç«¯å£ï¼æèç´æ¥å¾access.logéé¢åæ°æ®ä¹è¡ãè¿æ¶åålogstash容å¨æ们å¯ä»¥çå°å¦ä¸æ¥å¿è¾åºï¼
åå¾åï¼æå¼Kibana页é¢å°±å¯ä»¥çå°å®æ¶åå¥çæ¥å¿æ°æ®äºï¼
æ»ç»
Docker容å¨ä½¿ELKæ建åå¾é常便æ·ï¼éè¿ELKå¯ä»¥å¿«éåææ£ç´¢æ¥å¿ï¼åç°é®é¢ï¼ELKçå ä¸ªæ ¸å¿è´¡ç®èæç«äºä¸å®¶å¬å¸å«Elasticï¼ç®åè·æå¸ä¹æä¸äºåä½ï¼å¨å¼æºçåºç¡ä¸è¯¥å¬å¸ä¹åå¸äºä¸äºåä¸äº§åï¼å为X-Packï¼æä¾äºæºå¨å¦ä¹ ãå¾ç®æ³ä»¥åå®å¨ææ¯ä¸ç诸å¤å 强ï¼æå´è¶£çåå¦å¯ä»¥èªè¡äºè§£ã
以ä¸å°±æ¯æ¬æçå¨é¨å容ï¼å¸æ对大家çå¦ä¹ ææ帮å©ï¼ä¹å¸æ大家å¤å¤æ¯æèæ¬ä¹å®¶ã