ELK Study Notes
# ELK Logging System Study Notes
# docker-compose.yml
```yaml
# Declare the compose file version
version: "3"
services:
  elasticsearch:
    image: elasticsearch:8.6.0
    ports:
      - "9200:9200"
      - "9300:9300"
    volumes:
      - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    environment:
      ES_JAVA_OPTS: "-Xmx256m -Xms256m"
      ELASTIC_PASSWORD: maipwd
      discovery.type: single-node
      network.publish_host: _eth0_
  logstash:
    image: logstash:8.6.0
    ports:
      # The container port must match the beats input port (5044) in the pipeline
      - "5044:5044"
      - "5000:5000"
      - "9600:9600"
    volumes:
      - ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml
      - ./logstash/pipeline/logstash.config:/usr/share/logstash/pipeline/logstash.config
    environment:
      # Logstash reads its JVM options from LS_JAVA_OPTS, not ES_JAVA_OPTS
      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
  kibana:
    image: kibana:8.6.0
    ports:
      - "5601:5601"
    volumes:
      - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
```
Note
For version 8.0 and above, the configured account has to be validated, so here I used
[2023-01-27T07:37:22.820+00:00][FATAL][root] Error: [config validation of [elasticsearch].username]: value of "elastic" is forbidden. This is a superuser account that cannot write to system indices that Kibana needs to function. Use a service account token instead. Learn more: https://www.elastic.co/guide/en/elasticsearch/reference/8.0/service-accounts.html
# Configuration file reference
# elasticsearch/config/elasticsearch.yml
```yaml
---
cluster.name: "mai-cluster"
network.host: 0.0.0.0
xpack.license.self_generated.type: trial
xpack.security.enabled: true
xpack.monitoring.collection.enabled: true
```
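# kibana/config/kibana.yml
```yaml
---
server.name: kibana
server.host: 0.0.0.0
monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.hosts: ["http://172.26.0.4:9200"]
# Kibana 8.x rejects the elastic superuser here; this is the setting named in
# the FATAL error quoted in the note above, which asks for a service account token.
elasticsearch.username: elastic
elasticsearch.password: maipwd
```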
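The FATAL error quoted in the note above comes from the `elasticsearch.username: elastic` line in this kibana.yml. As an added example (not part of the original notes), this Python check flags that setting together with the plaintext password and the non-TLS Elasticsearch URL in the same file; the parser, the function names and the corrected sample with its placeholder host are assumptions made for illustration.

```python
import re

# Constructed sample: the kibana.yml shown on this page, embedded to run offline.
KIBANA_YML = """\
---
server.name: kibana
server.host: 0.0.0.0
monitoring.ui.container.elasticsearch.enabled: true
elasticsearch.hosts: ["http://172.26.0.4:9200"]
elasticsearch.username: elastic
elasticsearch.password: maipwd
"""

# Constructed corrected variant: placeholder https host, and the service account
# token is assumed to be supplied outside the file, so no secret appears in it.
KIBANA_YML_FIXED = """\
server.name: kibana
server.host: 0.0.0.0
elasticsearch.hosts: ["https://es.example.internal:9200"]
"""

def parse_flat_yaml(text):
    """Parse the flat 'dotted.key: value' subset of YAML that kibana.yml uses."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip("\"'")
    return settings

def audit_kibana(text):
    """Return (setting, finding) pairs for a Kibana 8.x configuration."""
    cfg = parse_flat_yaml(text)
    findings = []
    if cfg.get("elasticsearch.username") == "elastic":
        findings.append(("elasticsearch.username",
                         "superuser 'elastic' fails Kibana 8.x config validation"))
    if "elasticsearch.password" in cfg:
        findings.append(("elasticsearch.password",
                         "password is stored in plaintext in the config file"))
    for url in re.findall(r"https?://[^\s\"'\],]+", cfg.get("elasticsearch.hosts", "")):
        if url.startswith("http://"):
            findings.append(("elasticsearch.hosts",
                             f"{url} carries credentials without TLS"))
    return findings

if __name__ == "__main__":
    for setting, finding in audit_kibana(KIBANA_YML):
        print(f"{setting}: {finding}")
```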
# logstash/config/logstash.yml
```yaml
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: ["http://172.26.0.4:9200"]
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: maipwd
```
# logstash/pipeline/logstash.config
```
input {
  beats {
    port => 5044
  }
  tcp {
    port => 5000
  }
}
output {
  elasticsearch {
    hosts => "http://172.26.0.4:9200"
    user => "elastic"
    password => "maipwd"
    index => "%{[@metadata][-imooc]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
```
# elasticsearch
docker
```bash
$ docker run -d \
    --name elasticsearch-container \
    -p 9200:9200 -p 9300:9300 \
    -v /Users/mym/Documents/Code/go-project-shop/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
    elasticsearch:8.6.0
```
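According to the official documentation, the security features in Elasticsearch 8.0 require TLS encryption for the transport networking layer, so to use 8.0 or later you first need to create the Docker environment.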
Starting in Elasticsearch 8.0, security is enabled by default. With security enabled, Elastic Stack security features require TLS encryption for the transport networking layer, or your cluster will fail to start.
Reference links
https://blog.51cto.com/liuqunying/2121528
Last updated: 2023/02/19, 00:03:59