ELK日志系统
elasticsearch
#!/bin/bash
echo 'Asia/Shanghai' > /etc/timezone
port=9200
mkdir -p data/ logs/
chown -R 1000:1000 data/
chown -R 1000:1000 logs/
docker stop elasticsearch
docker rm elasticsearch
docker run -id \
--restart=always \
--name=elasticsearch \
--network=host \
-v /etc/timezone:/etc/timezone:ro \
-v /etc/localtime:/etc/localtime:ro \
-v ./data:/usr/share/elasticsearch/data \
-v ./logs:/usr/share/elasticsearch/logs \
-e "discovery.type=single-node" \
elasticsearch:8.17.0elasticsearch-setup-passwords interactive重置密码
kibana
#!/bin/bash
echo 'Asia/Shanghai' > /etc/timezone
elasticsearch="127.0.0.1:9200"
port=5601
if [ ! -d ./config ];then
mkdir -p config/
chmod 755 config/
docker rm -f kibana &&
docker run -d \
--name kibana \
--network=host \
-e ELASTICSEARCH_HOSTS=http://${elasticsearch} \
kibana:8.17.0 && sleep 60 && docker cp kibana:/usr/share/kibana/config .
docker rm -f kibana
fi
docker stop kibana
docker rm kibana
docker run -d \
--name kibana \
--network=host \
-v /etc/timezone:/etc/timezone:ro \
-v /etc/localtime:/etc/localtime:ro \
-v ./config:/usr/share/kibana/config \
-e ELASTICSEARCH_HOSTS=http://${elasticsearch} \
kibana:8.17.0增加配置
elasticsearch.username: "kibana_system"
elasticsearch.password: ".#123abc"logstash
#!/bin/bash
elasticsearch="127.0.0.1"
echo 'Asia/Shanghai' > /etc/timezone
docker stop logstash
docker rm logstash
docker run -d \
--restart=always \
--name=logstash \
-m 2g \
--network=host \
--user=root \
--add-host elasticsearch:${elasticsearch} \
-v /etc/timezone:/etc/timezone:ro \
-v /etc/localtime:/etc/localtime:ro \
-v $(pwd)/config/:/usr/share/logstash/conf/ \
logstash:8.17.0 -f /usr/share/logstash/conf/配置
input {
kafka {
type => "nginxlog"
bootstrap_servers => "127.0.0.1:9092"
topics => "log"
client_id => "test"
group_id => "test"
codec => json
}
}
filter {
if [type] == "logv2" {
json {
source => "message"
}
}
}
output {
elasticsearch {
hosts => ["http://127.0.0.1:9200"]
user => "logstash_system"
password => "password"
}
stdout { codec => rubydebug }
}