Famousmai's blog
famousmai
2023-02-17
目录
docker-compose.yml
配置文件参考
elasticsearch/config/elasticsearch.yml
kibana/config/kibana.yml
logstash/config/logstash.yml
logstash/pipeline/logstash.config
elasticsearch

Elk学习笔记

# ELK日志系统学习笔记

# docker-compose.yml

# 声明版本
version: "3"
services:
  elasticsearch:
    image: elasticsearch:8.6.0
    ports:
      - "9200:9200"
      - "9300:9300"
    volumes:
      - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    environment:
      ES_JAVA_OPTS: "-Xmx256m -Xms256m"
      ELASTIC_PASSWORD: maipwd
      discovery.type: single-node
      network.publish_host: _eth0_

  logstash:
    image: logstash:8.6.0
    ports:
      - "5044:5004"
      - "5000:5000"
      - "9600:9600"
    volumes:
      - ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml
      - ./logstash/pipeline/logstash.config:/usr/share/logstash/pipeline/logstash.config
    environment:
      ES_JAVA_OPTS: "-Xmx256m -Xms256m"

  kibana:
    image: kibana:8.6.0
    ports:
      - "5601:5601"
    volumes:
      - ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34

注意

8.0 以上版本,配置的账号,需要验证,所以这里我用了

[2023-01-27T07:37:22.820+00:00][FATAL][root] Error: [config validation of [elasticsearch].username]: value of "elastic" is forbidden. This is a superuser account that cannot write to system indices that Kibana needs to function. Use a service account token instead. Learn more: https://www.elastic.co/guide/en/elasticsearch/reference/8.0/service-accounts.html
1

# 配置文件参考

# elasticsearch/config/elasticsearch.yml

---
cluster.name: "mai-cluster"
network.host: 0.0.0.0

xpack.license.self_generated.type: trial
xpack.security.enabled: true
xpack.monitoring.collection.enabled: true
1
2
3
4
5
6
7

# kibana/config/kibana.yml

---
server.name: kibana
server.host: 0.0.0.0
monitoring.ui.container.elasticsearch.enabled: true

elasticsearch.hosts: ["http://172.26.0.4:9200"]
elasticsearch.username: elastic
elasticsearch.password: maipwd
1
2
3
4
5
6
7
8

# logstash/config/logstash.yml

http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: ["http://172.26.0.4:9200"]

xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: maipwd
1
2
3
4
5
6

# logstash/pipeline/logstash.config

input {
    beats {
        port => 5044
    }
    tcp {
        port => 5000
    }
}

output {
    elasticsearch {
        hosts => "http://172.26.0.4:9200"
        user => "elastic"
        password => "maipwd"
        index => "%{[@metadata][-imooc]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
    }
}
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17

# elasticsearch

docker

$ docker run -d \
						 --name elasticsearch-container \
						 -p 9200:9200 -p 9300:9300 \
						 -v /Users/mym/Documents/Code/go-project-shop/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml elasticsearch:8.6.0
1
2
3
4

官方说 Elasticsearch 8.0 安全功能需要传输网络层的TLS加密,所以使用8.0以上需要先创建docker环境

Starting in Elasticsearch 8.0, security is enabled by default. With security enabled, Elastic Stack security features require TLS encryption for the transport networking layer, or your cluster will fail to start.

参考链接

https://blog.51cto.com/liuqunying/2121528

编辑 (opens new window)
#Elk
上次更新: 2023/02/19, 00:03:59
Consul学习笔记
数据结构与算法之美

数据结构与算法之美

最近更新
01
策略模式
03-13
02
单例模式
03-05
03
设计模式介绍
03-05
更多文章>
Theme by Vdoing | Copyright © 2022-2025 Evan Xu | MIT License