
GitHub - JasonkayZK/docker_repo at elk-v7.1-single

source link: https://github.com/JasonkayZK/docker_repo/tree/elk-v7.1-single

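Single-Node ELK

This branch uses the official Elasticsearch images and Docker Compose to create a single-node ELK stack for learning ELK.

Environment versions:

  • Operating system: CentOS 7
  • Docker: 20.10.6
  • Docker-Compose: 1.29.1
  • ELK Version: 7.1.0

Note: this branch uses only the usual Elasticsearch + Logstash + Kibana components and does not use Filebeat.

First, the configuration file .env declares the version of ES and of each component: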

ES_VERSION=7.1.0

Next, create the Docker Compose configuration file:

docker-compose.yml

version: '3.4'

services: 
    elasticsearch:
        image: "docker.elastic.co/elasticsearch/elasticsearch:${ES_VERSION}"
        environment:
            - discovery.type=single-node
        volumes:
            - /etc/localtime:/etc/localtime
            - /docker_es/data:/usr/share/elasticsearch/data
        ports:
            - "9200:9200"
            - "9300:9300"
    
    logstash:
        depends_on:
            - elasticsearch
        image: "docker.elastic.co/logstash/logstash:${ES_VERSION}"
        volumes:
            - ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf
        ports:
            - "5044:5044"
        links:
            - elasticsearch

    kibana:
        depends_on:
            - elasticsearch
        image: "docker.elastic.co/kibana/kibana:${ES_VERSION}"
        environment:
            - ELASTICSEARCH_URL=http://elasticsearch:9200
        volumes:
            - /etc/localtime:/etc/localtime
        ports:
            - "5601:5601"
        links:
            - elasticsearch

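Three services are declared under services:

  • elasticsearch;
  • logstash;
  • kibana;

A few points in the elasticsearch service configuration need special attention:

  • discovery.type=single-node: sets the ES cluster discovery mode to single-node;
  • /etc/localtime:/etc/localtime: keeps the time in the Docker container in sync with the host;
  • /docker_es/data:/usr/share/elasticsearch/data: maps the ES data to the host and persists it there;

Before starting the ES container, create the mapped directory on the host first.

Also set the ownership of the mapped directory, for example: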

sudo chown -R 1000:1000 /docker_es/data

Otherwise, an error may occur!

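A few points in the logstash service configuration need special attention:

  • ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf: maps the local Logstash configuration on the host into the logstash container;

A few points in the kibana service configuration need special attention:

  • ELASTICSEARCH_URL=http://elasticsearch:9200: configures the address of ES;
  • /etc/localtime:/etc/localtime: keeps the time in the Docker container in sync with the host;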
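Every ports entry in the compose file above has no host address, so Docker publishes 9200, 9300, 5044 and 5601 on all host interfaces, and nothing in this configuration enables authentication. The check below is an added example, not part of the repository: it reads the short-syntax ports lists and proposes loopback-only bindings. The function names are hypothetical and COMPOSE_TEXT is a trimmed copy of the file.

```python
import re
# Constructed input: service names and "ports" lists from the compose file above.
COMPOSE_TEXT = """\
services:
    elasticsearch:
        ports:
            - "9200:9200"
            - "9300:9300"
    logstash:
        ports:
            - "5044:5044"
    kibana:
        ports:
            - "5601:5601"
"""

def published_ports(compose_text):
    """Return (service, entry) for each short-syntax item in a ports: list."""
    found, service, svc_indent, in_ports = [], None, None, False
    for line in compose_text.splitlines():
        text = line.strip()
        if not text or text.startswith("#"):
            continue
        item = re.match(r"-\s*[\"']?([^\"']+)[\"']?$", text)
        if item and in_ports:
            found.append((service, item.group(1).strip()))
            continue
        indent = len(line) - len(line.lstrip())
        in_ports = text == "ports:"
        if text.endswith(":") and indent > 0:
            svc_indent = svc_indent or indent  # first nested key is a service
            if indent == svc_indent:
                service = text[:-1]
    return found

def audit(compose_text):
    """Return (service, entry, loopback_entry) for ports reachable off-host."""
    report = []
    for service, entry in published_ports(compose_text):
        body, _, proto = entry.partition("/")
        parts = body.rsplit(":", 2)  # [host_ip,] host_port, container_port
        host = parts[0].strip("[]") if len(parts) == 3 else "0.0.0.0"
        if not (host.startswith("127.") or host == "::1"):
            fixed = "127.0.0.1:" + ":".join((parts * 2)[-2:])  # bare "9200" -> 9200:9200
            report.append((service, entry, fixed + ("/" + proto if proto else "")))
    return report

for service, entry, fixed in audit(COMPOSE_TEXT):
    print(f'{service}: "{entry}" is reachable from other hosts; bind it as "{fixed}"')
```

Logstash and Kibana reach Elasticsearch by service name over the Compose network, so binding the published ports to loopback does not affect them.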

Below is the Logstash configuration, which you can customize for your own use:

logstash.conf

input {
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 5044
    codec => json
  }
}

output {
  elasticsearch {
    hosts => ["http://elasticsearch:9200"]
    index => "%{[service]}-%{+YYYY.MM.dd}"
  }
  stdout { codec => rubydebug }
}
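With this pipeline the index name is built from the service field that the sender supplies. The client below is an added example, not code from the repository: it checks that field before writing events to the tcp input. It assumes one JSON object per line on the wire and events without an @timestamp field; all function names are hypothetical.

```python
import json
import re
import socket
from datetime import datetime, timezone

# Characters Elasticsearch refuses in an index name (it also refuses
# uppercase letters and a leading '-', '_' or '+').
_FORBIDDEN = re.compile(r'[\\/*?"<>|,#:\s]')

def index_for(event, now=None):
    """Index that index => "%{[service]}-%{+YYYY.MM.dd}" yields for event."""
    service = event.get("service")
    if not isinstance(service, str) or not service:
        # Logstash would leave the reference unresolved and write to an
        # index literally named "%{[service]}-<date>".
        raise ValueError("event has no usable 'service' field")
    if (service != service.lower() or service[0] in "-_+"
            or _FORBIDDEN.search(service)):
        raise ValueError(f"service {service!r} is not a valid index prefix")
    # Assumption: the event carries no @timestamp, so Logstash stamps it
    # with the (UTC) time of receipt and formats the date from that.
    now = now or datetime.now(timezone.utc)
    return f"{service}-{now:%Y.%m.%d}"

def frame(event):
    """One event as a single newline-terminated JSON line (UTF-8)."""
    return json.dumps(event, ensure_ascii=False).encode("utf-8") + b"\n"

def send(events, host="127.0.0.1", port=5044, timeout=5.0):
    """Validate every event first, then write them all to the tcp input."""
    indices = [index_for(event) for event in events]
    with socket.create_connection((host, port), timeout=timeout) as sock:
        for event in events:
            sock.sendall(frame(event))
    return indices

if __name__ == "__main__":
    # Constructed sample events; send(sample) needs the stack running.
    sample = [{"service": "orders", "level": "INFO", "message": "order created"},
              {"level": "WARN", "message": "no service field"}]
    for event in sample:
        try:
            print(index_for(event), frame(event))
        except ValueError as err:
            print("rejected:", err)
```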

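Read before use:

① Change the ELK version

You can change the ES_VERSION field in .env to the ELK version you want to use.

② Logstash configuration

Change logstash.conf to the log configuration you need.

③ Change the ES file mapping path

Modify the volumes of the elasticsearch service in docker-compose, changing the host path to your actual path: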

volumes:
  - /etc/localtime:/etc/localtime
-  - /docker_es/data:/usr/share/elasticsearch/data
+ - [your_path]:/usr/share/elasticsearch/data
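Review bot: the added line "+ - [your_path]:/usr/share/elasticsearch/data" indents its list item with one space, while the unchanged "- /etc/localtime:/etc/localtime" entry above it and the removed line use two. Applied as written, the two volumes items sit at different indentation levels, which a YAML parser rejects; indent the new entry with two spaces so it lines up with the entry above.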

Also change the ownership of the host directory:

sudo chown -R 1000:1000 [your_path]

Then start the stack with the docker-compose command:

docker-compose up -d
Creating network "docker_repo_default" with the default driver
Creating docker_repo_elasticsearch_1 ... done
Creating docker_repo_kibana_1        ... done
Creating docker_repo_logstash_1      ... done

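In Portainer you can see that all three containers were created successfully.

Visiting <ip>:5601/ shows that Kibana has also started successfully.

CRUD operations on data through the API

Add data to ES: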

curl -XPOST "http://127.0.0.1:9200/ik_v2/chinese/3?pretty"  -H "Content-Type: application/json" -d ' 
{ 
    "id" : 3, 
    "username" :  "测试测试", 
    "description" :  "测试测试" 
}'

# Response
{
  "_index" : "ik_v2",
  "_type" : "chinese",
  "_id" : "3",
  "_version" : 1,
  "result" : "created",
  "_shards" : {
    "total" : 2,
    "successful" : 1,
    "failed" : 0
  },
  "_seq_no" : 0,
  "_primary_term" : 1
}

Get the data:

curl -XGET "http://127.0.0.1:9200/ik_v2/chinese/3?pretty"

# Response
{
  "_index" : "ik_v2",
  "_type" : "chinese",
  "_id" : "3",
  "_version" : 1,
  "_seq_no" : 0,
  "_primary_term" : 1,
  "found" : true,
  "_source" : {
    "id" : 3,
    "username" : "测试测试",
    "description" : "测试测试"
  }
}

Update the data:

curl -XPOST 'localhost:9200/ik_v2/chinese/3/_update?pretty' -H "Content-Type: application/json" -d '{
    "doc" : {
            "username" : "testtest"
        }
}'

# Response
{
  "_index" : "ik_v2",
  "_type" : "chinese",
  "_id" : "3",
  "_version" : 2,
  "result" : "updated",
  "_shards" : {
    "total" : 2,
    "successful" : 1,
    "failed" : 0
  },
  "_seq_no" : 1,
  "_primary_term" : 1
}

Query again:

curl -XGET "http://127.0.0.1:9200/ik_v2/chinese/3?pretty"

# Response
{
  "_index" : "ik_v2",
  "_type" : "chinese",
  "_id" : "3",
  "_version" : 2,
  "_seq_no" : 1,
  "_primary_term" : 1,
  "found" : true,
  "_source" : {
    "id" : 3,
    "username" : "testtest",
    "description" : "测试测试"
  }
}

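As you can see, username has been modified successfully!

Viewing in Kibana

At the moment there is no index in our Kibana, so one has to be created first.

In Management, click Index Management under Kibana and enter the index we inserted above, ik_v2.

After it is created successfully, you can view it in Discover.

With that, the single-node ELK is essentially deployed and ready to use!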
