在Linux服务器上安装Docker以后,Pull相关的官方Docker镜像:
docker pull docker.elastic.co/elasticsearch/elasticsearch:5.5.1
docker pull docker.elastic.co/kibana/kibana:5.5.1
docker pull docker.elastic.co/logstash/logstash:5.5.1启动Elastic Search容器:
docker run -p 9200:9200 -e "http.host=0.0.0.0" -e "transport.host=127.0.0.1"
--name my-elastic -d docker.elastic.co/elasticsearch/elasticsearch:5.5.1启动Kibana容器:
docker run -p 5601:5601 -e "ELASTICSEARCH_URL=http://localhost:9200" --name my-kibana
--network host -d docker.elastic.co/kibana/kibana:5.5.1创建logstash/logstash.yml,配置xpack对于logstash的监控:
http.host: "0.0.0.0"
path.config: /usr/share/logstash/pipeline
xpack.monitoring.elasticsearch.url: http://localhost:9200
xpack.monitoring.elasticsearch.username: elastic
xpack.monitoring.elasticsearch.password: changeme创建logstash/conf.d/logstash.conf,配置logstash的输入输出:
input {
file {
path => "/tmp/access_log"
start_position => "beginning"
}
}
output {
elasticsearch {
hosts => ["localhost:9200"] user => "elastic"
password => "changeme"
}
}启动Logstash容器:
docker run -v /home/ubuntu/logstash/conf.d:/usr/share/logstash/pipeline/:ro -v /tmp:/tmp:ro
-v /home/ubuntu/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml:ro --name my-logstash
--network host -d docker.elastic.co/logstash/logstash:5.5.1测试一下,在/tmp/access.log中添加两行信息:
echo "Hello World!" >> /tmp/access_log
echo "Hello ELK!" >> /tmp/access_log打开kibana的链接http://yourhost:5601,使用用户名/密码: elastic/changeme登录。在”Configure an index pattern”页面点击Create按钮。点击菜单Monitor即可查看ELK节点的状态
在Kibana点击Discover菜单,可以看到相关的日志信息:
使用Elastic Search集群部署
Elastic官方提供了用docker-compose启动Elastic Search集群的方法,首先安装docker-compose
curl -L https://github.com/docker/compose/releases/download/1.15.0/docker-compose-Linux-x86_64
> /usr/local/bin/docker-compose
sudo chmod +x /usr/local/bin/docker-compose
