使用docker-compose搭建elk

概要步骤：
1、准备logstash配置文件
2、准备kibana配置文件
3、准备docker-compose.yml
4、启动并验证

1、准备logstash配置文件

# 在etc下创建配置文件目录
mkdir -p /etc/logstash/{config,pipeline}

# 创建pipelines.yml
touch /etc/logstash/config/pipelines.yml
cat>/etc/logstash/config/pipelines.yml<<EOF
- pipeline.id: api-main
  path.config: /usr/share/logstash/pipeline/logstash-api-main.conf
  pipeline.workers: 3
- pipeline.id: edge-main
  path.config: /usr/share/logstash/pipeline/logstash-edge-main.conf
  pipeline.workers: 3
- pipeline.id: xtl-server
  path.config: /usr/share/logstash/pipeline/logstash-xtl-server.conf
  pipeline.workers: 3
EOF

# 分别创建 conf
# 创建logstash-api-main.conf文件
touch /etc/logstash/pipeline/logstash-api-main.conf
# 写入文件内容
cat>/etc/logstash/pipeline/logstash-api-main.conf<<EOF
input {
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4560
    codec => json_lines
  }
}
output {
  elasticsearch {
    hosts => "es:9200"
    index => "api-main-logstash-%{+YYYY.MM.dd}"
  }
}
EOF

# 创建logstash-edge-main.conf文件
touch /etc/logstash/pipeline/logstash-edge-main.conf
# 写入文件内容
cat>/etc/logstash/pipeline/logstash-edge-main.conf<<EOF
input {
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4561
    codec => json_lines
  }
}
output {
  elasticsearch {
    hosts => "es:9200"
    index => "edge-main-logstash-%{+YYYY.MM.dd}"
  }
}
EOF

# 创建logstash-xtl-server.conf文件
touch /etc/logstash/pipeline/logstash-xtl-server.conf
# 写入文件内容
cat>/etc/logstash/pipeline/logstash-xtl-server.conf<<EOF
input {
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4562
    codec => json_lines
  }
}
output {
  elasticsearch {
    hosts => "es:9200"
    index => "xtl-server-logstash-%{+YYYY.MM.dd}"
  }
}
EOF

2、准备kibana配置文件

# 创建配置文件夹
mkdir -p /etc/kibana/config

# 创建配置文件
touch /etc/kibana/config/kibana.yml

# 写入文件内容
cat>/etc/kibana/config/kibana.yml<<EOF
server.host: '0.0.0.0'
server.shutdownTimeout: '5s'
elasticsearch.hosts: ['http://elasticsearch:9200']
monitoring.ui.container.elasticsearch.enabled: true
EOF

3、准备docker-compose.yml

# 创建文件夹
mkdir -p /etc/docker-compose/

# 创建文件
touch /etc/docker-compose/docker-compose-elk.yml

# 写入文件内容（网络部分注释原因：如果单独部署ELK需要开启，和其他编排使用编排网络）
cat>/etc/docker-compose/docker-compose-elk.yml<<EOF
version: '3.2'

services:
    elasticsearch:
        image: elasticsearch:7.17.4
        volumes:
            - /etc/localtime:/etc/localtime
            - /data/elasticsearch/plugins:/usr/share/elasticsearch/plugins #插件文件挂载
            - /data/elasticsearch/data:/usr/share/elasticsearch/data #数据文件挂载
        expose:
            - 9200
            - 9300        
        ports:
            - '9200:9200'
            - '9300:9300'
        container_name: elasticsearch
        restart: always
        environment:
            - 'cluster.name=elasticsearch' #设置集群名称为elasticsearch
            - 'discovery.type=single-node' #以单一节点模式启动
            - 'ES_JAVA_OPTS=-Xms1024m -Xmx1024m' #设置使用jvm内存大小
        networks:
            - wsd_net
        privileged: true

    logstash:
        image: logstash:7.17.4
        container_name: logstash
        restart: always
        volumes:
            - /etc/localtime:/etc/localtime
            - /etc/logstash/config/pipelines.yml:/usr/share/logstash/config/pipelines.yml
            - /etc/logstash/pipeline/logstash-api-main.conf:/usr/share/logstash/pipeline/logstash-api-main.conf
            - /etc/logstash/pipeline/logstash-edge-main.conf:/usr/share/logstash/pipeline/logstash-edge-main.conf
            - /etc/logstash/pipeline/logstash-xtl-server.conf:/usr/share/logstash/pipeline/logstash-xtl-server.conf
        expose:
            - 5044
            - 5000
            - 9600
            - 4560
            - 4561
            - 4562
        ports:
            - '5044:5044'
            - '5000:5000/tcp'
            - '5000:5000/udp'
            - '9600:9600'
            - '4560:4560'
            - '4561:4561'
            - '4562:4562'
        environment:
            LS_JAVA_OPTS: -Xms1024m -Xmx1024m
            TZ: Asia/Shanghai # MONITORING_ENABLED: false
        links:
            - elasticsearch:es #可以用es这个域名访问elasticsearch服务
        networks:
            - wsd_net
        depends_on:
            - elasticsearch
        privileged: true

    kibana:
        image: kibana:7.17.4
        container_name: kibana
        restart: always
        volumes:
            - /etc/localtime:/etc/localtime
            - /etc/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
        expose:
            - 5601
        ports:
            - '5601:5601'
        links:
            - elasticsearch:es #可以用es这个域名访问elasticsearch服务
        environment:
            - ELASTICSEARCH_URL=http://elasticsearch:9200 #设置访问elasticsearch的地址
            - 'elasticsearch.hosts=http://es:9200' #设置访问elasticsearch的地址
            - I18N_LOCALE=zh-CN
        networks:
            - wsd_net
        depends_on:
            - elasticsearch
        privileged: true

#networks:
#   elk:
#        name: elk
#        driver: bridge

# ik 分词器的安装
# 集群 docker-compose exec elasticsearch elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.17.4/elasticsearch-analysis-ik-7.17.4.zip
# 单点 bin/elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.17.4/elasticsearch-analysis-ik-7.17.4.zip
#
EOF

4、启动并验证

# 进入docker-compose编排配置文件
cd /etc/docker-compose

# 启动
docker-compose -f docker-compose.yml -f docker-compose-elk.yml up -d elasticsearch logstash kibana

请求并验证

假设服务器为172.28.0.161
浏览器访问http://172.28.0.161:5601
页面上加入演示数据验证
springboot接入elk日志