ELK System Setup
I. System Architecture
II. ES Cluster Setup
1. Configuration preparation
docker run -d --name es --rm -e "discovery.type=single-node" ydtong/elasticsearch:7.2.0
mkdir -p /docker/elk/es1
docker cp es:/usr/share/elasticsearch/config /docker/elk/es1/config
docker stop es
sudo mkdir -p /docker/elk/es1/data
sudo chmod -R 777 /docker/elk/es1/data
(777 is the quick fix; the tighter alternative is to hand the directory to the uid the container runs Elasticsearch as, which is 1000 in the official image, so only that user can write the data files.)
cp -a /docker/elk/es1 /docker/elk/es2
cp -a /docker/elk/es1 /docker/elk/es3
2. Modify the configuration files
Master node node1: elasticsearch.yml
cluster.name: "elk"
node.name: node1
node.master: true
node.data: false
network.bind_host: 0.0.0.0
network.publish_host: 192.168.10.45
http.port: 9201
transport.tcp.port: 9301
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["192.168.10.45:9301","192.168.10.45:9302","192.168.10.45:9303"]
cluster.initial_master_nodes: ["node1"]
xpack.monitoring.collection.enabled: true
Data node node2: elasticsearch.yml
cluster.name: "elk"
node.name: node2
node.master: false
node.data: true
network.bind_host: 0.0.0.0
network.publish_host: 192.168.10.45
http.port: 9202
transport.tcp.port: 9302
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["192.168.10.45:9301","192.168.10.45:9302","192.168.10.45:9303"]
cluster.initial_master_nodes: ["node1"]
xpack.monitoring.collection.enabled: true
Data node node3: elasticsearch.yml
cluster.name: "elk"
node.name: node3
node.master: false
node.data: true
network.bind_host: 0.0.0.0
network.publish_host: 192.168.10.45
http.port: 9203
transport.tcp.port: 9303
http.cors.enabled: true
http.cors.allow-origin: "*"
discovery.seed_hosts: ["192.168.10.45:9301","192.168.10.45:9302","192.168.10.45:9303"]
cluster.initial_master_nodes: ["node1"]
xpack.monitoring.collection.enabled: true
All three containers share one host, so network.publish_host is the host address on every node and discovery goes through the published transport ports 9301-9303; node1 is master-eligible only (node.master: true, node.data: false) and node2/node3 hold the data. Two settings deserve a second look before this leaves the lab: http.cors.allow-origin: "*" lets any web page a user visits make browser requests to the REST API, and with xpack.security left off the cluster accepts unauthenticated reads and writes from anything that can reach ports 9201-9203. Restrict allow-origin to the one tool that needs it (or disable CORS), and either enable security or keep the ports off untrusted networks.
3. Start the ES cluster
docker run -d --name es-node1 -p 9201:9201 -p 9301:9301 \
-v /docker/elk/es1/config/:/usr/share/elasticsearch/config \
-v /docker/elk/es1/data/:/usr/share/elasticsearch/data \
ydtong/elasticsearch:7.2.0
docker run -d --name es-node2 -p 9202:9202 -p 9302:9302 \
-v /docker/elk/es2/config/:/usr/share/elasticsearch/config \
-v /docker/elk/es2/data/:/usr/share/elasticsearch/data \
ydtong/elasticsearch:7.2.0
docker run -d --name es-node3 -p 9203:9203 -p 9303:9303 \
-v /docker/elk/es3/config/:/usr/share/elasticsearch/config \
-v /docker/elk/es3/data/:/usr/share/elasticsearch/data \
ydtong/elasticsearch:7.2.0
4. Check cluster status
Once status is green, the cluster is up. number_of_nodes is 3 and number_of_data_nodes is 2 because node1 is master-only. Note that node1 is also the only master-eligible node, so losing it takes the whole cluster down; a production cluster needs at least three master-eligible nodes so a majority survives one failure.
curl 192.168.10.45:9201/_cluster/health
{"cluster_name":"elk","status":"green","timed_out":false,"number_of_nodes":3,"number_of_data_nodes":2,"active_primary_shards":10,"active_shards":20,"relocating_shards":0,"initializing_shards":0,"unassigned_shards":0,"delayed_unassigned_shards":0,"number_of_pending_tasks":0,"number_of_in_flight_fetch":0,"task_max_waiting_in_queue_millis":0,"active_shards_percent_as_number":100.0}
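Steps 1 to 4 above are the same work done three times with different ports. The following shell script is an added example, not from the original post: it renders the three elasticsearch.yml files from one template, starts the containers with the docker run flags used in step 3, and polls _cluster/health until it is green. It assumes step 1 has already copied the image's config directory (jvm.options and friends) into each es*/config, and uses the host address, ports and image tag from the post; ELK_BASE, render_es_config, start_node, health_is_green and wait_for_green are my names. The CORS lines from the post are deliberately left out.

```shell
#!/bin/sh
# Added example, not from the original post: render the three elasticsearch.yml files
# from one template, start the containers with the flags used above, and wait for
# green. ELK_BASE, PUBLISH_HOST and ES_IMAGE default to the values in the post; the
# function names are hypothetical. Assumes step 1 already copied the image's config
# directory (jvm.options, log4j2.properties) into each es*/config.
set -eu

ELK_BASE="${ELK_BASE:-/docker/elk}"
PUBLISH_HOST="${PUBLISH_HOST:-192.168.10.45}"
ES_IMAGE="${ES_IMAGE:-ydtong/elasticsearch:7.2.0}"

# render_es_config NAME HTTP_PORT TRANSPORT_PORT MASTER DATA OUTFILE
# Writes one node's elasticsearch.yml. The CORS lines from the post are left out on
# purpose: add them only if a browser tool needs them, with allow-origin set to that
# tool's origin rather than "*".
render_es_config() {
  name=$1; http=$2; transport=$3; master=$4; data=$5; out=$6
  cat > "$out" <<EOF
cluster.name: "elk"
node.name: $name
node.master: $master
node.data: $data
network.bind_host: 0.0.0.0
network.publish_host: $PUBLISH_HOST
http.port: $http
transport.tcp.port: $transport
discovery.seed_hosts: ["$PUBLISH_HOST:9301","$PUBLISH_HOST:9302","$PUBLISH_HOST:9303"]
cluster.initial_master_nodes: ["node1"]
xpack.monitoring.collection.enabled: true
EOF
}

# start_node NAME HTTP_PORT TRANSPORT_PORT NODE_DIR: the same docker run as step 3
start_node() {
  docker run -d --name "es-$1" -p "$2:$2" -p "$3:$3" \
    -v "$4/config/:/usr/share/elasticsearch/config" \
    -v "$4/data/:/usr/share/elasticsearch/data" \
    "$ES_IMAGE"
}

# health_is_green JSON [MIN_NODES]: succeeds when a _cluster/health body reports
# status green and at least MIN_NODES (default 3) nodes have joined
health_is_green() {
  json=$1; want=${2:-3}
  status=$(printf '%s' "$json" | sed -n 's/.*"status":"\([a-z]*\)".*/\1/p')
  nodes=$(printf '%s' "$json" | sed -n 's/.*"number_of_nodes":\([0-9]*\).*/\1/p')
  if [ "$status" = green ] && [ "${nodes:-0}" -ge "$want" ]; then
    return 0
  fi
  return 1
}

# wait_for_green BASE_URL: poll _cluster/health every 2 s, give up after 60 tries
wait_for_green() {
  i=0
  while [ "$i" -lt 60 ]; do
    if health_is_green "$(curl -s "$1/_cluster/health" || true)"; then
      return 0
    fi
    i=$((i + 1)); sleep 2
  done
  echo "cluster did not reach green; check docker logs es-node1" >&2
  return 1
}

# "deploy" argument: node1 master-only, node2/node3 data-only, then start and wait
if [ "${1:-}" = deploy ]; then
  for n in 1 2 3; do mkdir -p "$ELK_BASE/es$n/config" "$ELK_BASE/es$n/data"; done
  render_es_config node1 9201 9301 true  false "$ELK_BASE/es1/config/elasticsearch.yml"
  render_es_config node2 9202 9302 false true  "$ELK_BASE/es2/config/elasticsearch.yml"
  render_es_config node3 9203 9303 false true  "$ELK_BASE/es3/config/elasticsearch.yml"
  start_node node1 9201 9301 "$ELK_BASE/es1"
  start_node node2 9202 9302 "$ELK_BASE/es2"
  start_node node3 9203 9303 "$ELK_BASE/es3"
  wait_for_green "http://$PUBLISH_HOST:9201" && echo "cluster is green"
fi
```

Save it as a script and run it with the deploy argument after the vm.max_map_count fix in step 5. health_is_green can also be fed the body of any manual curl to _cluster/health, which is handy when checking a cluster from a CI job rather than by eye.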
5. Fixing the ES startup error
max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
Switch to root: su root
Run:
sysctl -w vm.max_map_count=262144
Verify:
sysctl vm.max_map_count
Result:
vm.max_map_count = 262144
To keep the setting across reboots, edit sysctl.conf as root:
vi /etc/sysctl.conf
and add:
vm.max_map_count=655360
then apply it with:
sysctl -p
Then restart Elasticsearch and it starts normally. Containers share the host kernel, so this sysctl must be set on the Docker host, not inside the container.
6. ES fails to start: insufficient memory
The JVM cannot get the memory it asks for:
[es@localhost bin]$ ./elasticsearch
Exception in thread "main" java.lang.RuntimeException: starting java failed with [1]
output:
#
# There is insufficient memory for the Java Runtime Environment to continue.
# Native memory allocation (mmap) failed to map 986513408 bytes for committing reserved memory.
# An error report file with more information is saved as:
# logs/hs_err_pid59343.log
error:
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
OpenJDK 64-Bit Server VM warning: INFO: os::commit_memory(0x00000000c5330000, 986513408, 0) failed; error='Not enough space' (errno=12)
at org.elasticsearch.tools.launchers.JvmErgonomics.flagsFinal(JvmErgonomics.java:111)
at org.elasticsearch.tools.launchers.JvmErgonomics.finalJvmOptions(JvmErgonomics.java:79)
at org.elasticsearch.tools.launchers.JvmErgonomics.choose(JvmErgonomics.java:57)
at org.elasticsearch.tools.launchers.JvmOptionsParser.main(JvmOptionsParser.java:89)
Fix:
Edit the JVM configuration file jvm.options.
Lower the heap settings (the -Xms and -Xmx lines, 1g by default in 7.2) to a value that fits the machine's memory, keeping the two values equal. For the Docker image the same can be done without editing the file by passing ES_JAVA_OPTS with the desired -Xms/-Xmx through -e on docker run.
III. Kibana Setup
1. Configuration file preparation
docker run -d --name kibana --rm ydtong/kibana:7.2.0
mkdir -p /docker/elk/kibana/config
cd /docker/elk/kibana/config
docker cp kibana:/usr/share/kibana/config/kibana.yml .
docker stop kibana
kibana.yml
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.10.45:9201","http://192.168.10.45:9202","http://192.168.10.45:9203"]
2. Install the logtrail plugin
(1) Download the Kibana plugin logtrail
Kibana requires the plugin version to match the Kibana version exactly. If there is no logtrail build for your Kibana version, follow the link here to update the Kibana version recorded in the logtrail plugin archive.
Put the downloaded zip in /docker/elk/kibana and create a Dockerfile there:
# Base image
FROM ydtong/kibana:7.2.0
# Copy the plugin archive into /usr/share/kibana
COPY logtrail-7.2.0-0.1.31.zip /usr/share/kibana/logtrail-7.2.0.zip
# Install the plugin and drop the archive from the image layer
RUN bin/kibana-plugin install file:///usr/share/kibana/logtrail-7.2.0.zip && rm -rf /usr/share/kibana/logtrail-7.2.0.zip
Note: the zip must sit in the directory the image is built from (the build context the COPY line reads). Run pwd if you are unsure which directory that is, and whoami to confirm the effective user the file needs to be readable by.
3. Start command
docker run -d --name kibana -p 5601:5601 -v /docker/elk/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro ydtong/kibana:7.2.0
If you built the logtrail image from the Dockerfile above, run that image's tag here instead of ydtong/kibana:7.2.0; otherwise the plugin is never loaded. Kibana listens on all interfaces with no authentication, and its Dev Tools console forwards arbitrary requests to the cluster, so treat port 5601 as equivalent to direct cluster access.
4. Open in the browser
http://192.168.10.45:5601/
Click Dev Tools and check the cluster health (GET _cluster/health).
IV. Redis Setup
1. Configuration file preparation
mkdir -p /docker/elk/redis/data
vim /docker/elk/redis/data/redis.conf
redis.conf
bind 0.0.0.0
daemonize no
pidfile "/var/run/redis.pid"
port 6380
timeout 300
loglevel warning
logfile "redis.log"
databases 16
rdbcompression yes
dbfilename "redis.rdb"
dir "/data"
requirepass "123456"
masterauth "123456"
maxclients 10000
maxmemory 1000mb
maxmemory-policy allkeys-lru
appendonly yes
appendfsync always
requirepass "123456" is a placeholder: use a long random secret and put the same value in the Logstash input and Filebeat output below. With bind 0.0.0.0 and port 6380 published, anyone on the network who has that password gets every Redis command, including CONFIG SET, so keep the port reachable only from the Filebeat and Logstash hosts. masterauth is only used by a replica when it authenticates to its master, so it does nothing on a single node. appendfsync always is the most durable and the slowest setting; everysec is the usual trade-off for a log buffer.
2. Start command
docker run -d --name redis -p 6380:6380 -v /docker/elk/redis/data/:/data redis:5.0 redis-server redis.conf
The redis image's working directory is /data, which is why the bare redis.conf path resolves to the mounted file.
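The weak settings called out above (open bind address, wildcard CORS, numeric password) are easy to lose track of once the configs are spread over several directories. The following shell script is an added example, not part of the original post: a small lint over elasticsearch.yml and redis.conf that prints each weak setting beside the hardened value and returns the number of findings. The file paths in audit_stack are the ones used in this post; audit_es_config, audit_redis_config and audit_stack are my names.

```shell
#!/bin/sh
# Added example, not from the original post: lint the elasticsearch.yml and redis.conf
# written above and print each weak setting beside its hardened value.
# File paths in audit_stack are the ones used in this post; function names are mine.

# audit_es_config FILE: one FINDING line per weak setting; exit status = number found
audit_es_config() {
  f=$1; n=0
  if grep -Eq '^http\.cors\.allow-origin:[[:space:]]*"?\*"?' "$f"; then
    echo "FINDING $f: http.cors.allow-origin is \"*\" -> name only the origin that needs it (one UI host), or set http.cors.enabled: false"
    n=$((n + 1))
  fi
  if grep -Eq '^network\.bind_host:[[:space:]]*0\.0\.0\.0' "$f" \
     && ! grep -Eq '^xpack\.security\.enabled:[[:space:]]*true' "$f"; then
    echo "FINDING $f: bound to 0.0.0.0 without xpack.security.enabled: true -> anyone reaching the HTTP port can read and write every index; enable security or bind to a private address"
    n=$((n + 1))
  fi
  return $n
}

# audit_redis_config FILE: same idea for redis.conf
audit_redis_config() {
  f=$1; n=0
  if grep -Eq '^bind[[:space:]]+0\.0\.0\.0' "$f"; then
    echo "FINDING $f: bind 0.0.0.0 -> bind the address the Filebeat/Logstash hosts use, and firewall the port"
    n=$((n + 1))
  fi
  # requirepass may be written bare or in double quotes
  pw=$(sed -n 's/^requirepass[[:space:]]*"\{0,1\}\([^"]*\)"\{0,1\}$/\1/p' "$f")
  if [ -z "$pw" ]; then
    echo "FINDING $f: no requirepass -> every client gets unauthenticated access"
    n=$((n + 1))
  elif [ ${#pw} -lt 16 ] || printf '%s' "$pw" | grep -Eq '^[0-9]+$'; then
    echo "FINDING $f: requirepass '$pw' is short or all digits -> use a long random secret and copy it into the Logstash and Filebeat configs"
    n=$((n + 1))
  fi
  if ! grep -Eq '^rename-command[[:space:]]+CONFIG[[:space:]]' "$f"; then
    echo "FINDING $f: CONFIG not renamed -> add 'rename-command CONFIG \"\"' so a leaked password cannot repoint dir/dbfilename"
    n=$((n + 1))
  fi
  return $n
}

# audit_stack: run both checks over the files this post writes; exit status = total findings
audit_stack() {
  total=0
  for f in /docker/elk/es1/config/elasticsearch.yml \
           /docker/elk/es2/config/elasticsearch.yml \
           /docker/elk/es3/config/elasticsearch.yml; do
    [ -f "$f" ] || continue
    if audit_es_config "$f"; then :; else total=$((total + $?)); fi
  done
  if [ -f /docker/elk/redis/data/redis.conf ]; then
    if audit_redis_config /docker/elk/redis/data/redis.conf; then :; else total=$((total + $?)); fi
  fi
  echo "$total finding(s)"
  return $total
}

if [ "${1:-}" = run ]; then audit_stack; fi
```

Run it with the run argument on the Docker host after writing the configs; a non-zero exit makes it usable as a gate in whatever deploys the stack. The three configs from this post produce two findings per Elasticsearch node and three for Redis.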
V. Logstash Setup
1. Configuration preparation
mkdir /docker/elk/logstash
cd /docker/elk/logstash
docker run --rm -d --name logstash ydtong/logstash:7.2.0
docker cp logstash:/usr/share/logstash/config .
docker cp logstash:/usr/share/logstash/pipeline .
docker stop logstash
2. Modify the configuration files
vim /docker/elk/logstash/config/logstash.yml
vim /docker/elk/logstash/config/pipelines.yml
mv /docker/elk/logstash/pipeline/logstash.conf /docker/elk/logstash/pipeline/docker.conf
vim /docker/elk/logstash/pipeline/docker.conf
logstash.yml
http.host: "0.0.0.0"
xpack.monitoring.enabled: true
xpack.monitoring.elasticsearch.hosts: ["http://192.168.10.45:9201","http://192.168.10.45:9202","http://192.168.10.45:9203"]
pipelines.yml
- pipeline.id: docker
  path.config: "/usr/share/logstash/pipeline/docker.conf"
docker.conf
input {
  redis {
    host => "192.168.10.45"
    port => 6380
    db => 0
    key => "localhost"       # the Redis list Filebeat writes to; must match the Filebeat output key
    password => "123456"
    data_type => "list"
    threads => 4
    tags => "localhost"      # added to every event read from this list
  }
}
output {
  if "localhost" in [tags] {
    if [fields][function] == "docker" {
      elasticsearch {
        hosts => ["192.168.10.45:9201","192.168.10.45:9202","192.168.10.45:9203"]
        index => "docker-localhost-%{+YYYY.MM.dd}"
      }
    }
  }
}
3. Start command
docker run -d -p 5044:5044 -p 9600:9600 --name logstash \
-v /docker/elk/logstash/config/:/usr/share/logstash/config \
-v /docker/elk/logstash/pipeline/:/usr/share/logstash/pipeline \
ydtong/logstash:7.2.0
VI. Filebeat Setup (collecting Docker logs)
1. Configuration file preparation
mkdir /docker/elk/filebeat
vim /docker/elk/filebeat/filebeat.yml
sudo chown root:root /docker/elk/filebeat/filebeat.yml
(Filebeat refuses a config file that is owned by anyone other than the running user or root, or that is writable by anyone but its owner; the container runs as root below, so root ownership satisfies the check.)
filebeat.yml
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
setup.template.settings:
  index.number_of_shards: 1
filebeat.inputs:
- type: docker
  enabled: true
  combine_partial: true
  containers:
    path: "/var/lib/docker/containers"
    ids:
      - '*'
  processors:
    - add_docker_metadata: ~
  encoding: utf-8
  max_bytes: 104857600
  tail_files: true
  fields:
    function: docker          # read by Logstash as [fields][function]
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
output.redis:
  hosts: ["192.168.10.45:6380"]
  password: "123456"
  db: 0
  key: "ydt"                  # fallback list for events no rule below matches
  keys:
    - key: "%{[fields.function]}"
      mappings:
        docker: "localhost"   # the list the Logstash redis input reads
  worker: 4
  timeout: 20
  max_retries: 3
  codec.json:
    pretty: false
monitoring.enabled: true
monitoring.elasticsearch:
  hosts: ["http://192.168.10.45:9201","http://192.168.10.45:9202","http://192.168.10.45:9203"]
The keys rule above is corrected from the original, which used key: "%{[fields.list]}" with the mapping function: "docker". No input sets fields.list, so that expression never resolves, every event falls back to the default key ydt, and the Logstash input reading the list localhost sees nothing. Keying on fields.function (which the input does set) and mapping docker to localhost sends the events where docker.conf expects them; anything without a match still lands in ydt.
2. Start command
docker run -d --name filebeat --hostname localhost --user=root \
-v /docker/elk/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro \
-v /var/lib/docker:/var/lib/docker:ro \
-v /var/run/docker.sock:/var/run/docker.sock:ro \
ydtong/filebeat:7.2.0
--user=root is needed to read /var/lib/docker/containers, and the socket mount is what add_docker_metadata uses to look up container names and labels. Note that :ro on /var/run/docker.sock only makes the mount point read-only; it does not limit what can be sent over the socket, so whoever controls this container controls the host's Docker daemon. Keep the image pinned and the config read-only as here, and give this container no other duties.
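With all four pieces running, the quickest way to prove that the Redis list key, the tag and the [fields][function] check line up is to inject one event and watch it land in the index. The following shell script is an added example, not part of the original post: it writes a constructed Filebeat-shaped event straight into the list the Logstash redis input reads and then polls the expected index's _count until the document shows up. Host, ports, password and list key are the ones used above; the function names, the elk-smoke-test marker and the 60-second wait are my choices.

```shell
#!/bin/sh
# Added example, not from the original post: push one constructed Filebeat-shaped
# event into the Redis list the Logstash redis input reads, then poll the expected
# index until Elasticsearch has it. Host, ports and password are the ones used
# above; function names and the "elk-smoke-test" marker are mine.
set -u

REDIS_HOST="${REDIS_HOST:-192.168.10.45}"
REDIS_PORT="${REDIS_PORT:-6380}"
REDIS_PASS="${REDIS_PASS:-123456}"
REDIS_KEY="${REDIS_KEY:-localhost}"   # must equal the key => "..." of the Logstash redis input
ES_URL="${ES_URL:-http://192.168.10.45:9201}"

# make_test_event MARKER: a minimal JSON event in the shape Filebeat's redis output
# writes (codec.json). fields.function is what the Logstash output condition
# [fields][function] == "docker" tests; the tag "localhost" is added by the input itself.
make_test_event() {
  printf '{"@timestamp":"%s","message":"elk-smoke-test %s","fields":{"function":"docker"},"host":{"name":"localhost"}}' \
    "$(date -u +%Y-%m-%dT%H:%M:%S.000Z)" "$1"
}

# expected_index DATE (YYYY.MM.dd, UTC): the index docker.conf writes for that day
expected_index() {
  echo "docker-localhost-$1"
}

# count_from_response JSON: the "count" of an _count response, 0 on error or empty input
count_from_response() {
  c=$(printf '%s' "$1" | sed -n 's/^{"count":\([0-9]*\).*/\1/p')
  echo "${c:-0}"
}

# push_event JSON: RPUSH onto the list, as Filebeat does; Logstash pops with BLPOP.
# -a exposes the password in the process list, acceptable on a lab host only.
push_event() {
  redis-cli -h "$REDIS_HOST" -p "$REDIS_PORT" -a "$REDIS_PASS" RPUSH "$REDIS_KEY" "$1" >/dev/null
}

# smoke_test: push, then poll today's index for the marker for up to 60 seconds
smoke_test() {
  marker="$(date +%s)-$$"
  push_event "$(make_test_event "$marker")" || return 1
  idx=$(expected_index "$(date -u +%Y.%m.%d)")
  i=0
  while [ "$i" -lt 30 ]; do
    n=$(count_from_response "$(curl -s "$ES_URL/$idx/_count?q=message:%22elk-smoke-test%20$marker%22")")
    if [ "$n" -ge 1 ]; then
      echo "ok: marker $marker indexed in $idx"
      return 0
    fi
    i=$((i + 1)); sleep 2
  done
  echo "fail: marker $marker not in $idx; check 'redis-cli -p $REDIS_PORT LLEN $REDIS_KEY' and docker logs logstash" >&2
  return 1
}

if [ "${1:-}" = run ]; then smoke_test; fi
```

Run it with the run argument from a host that can reach Redis and Elasticsearch. If the list keeps growing (LLEN rises) the Logstash input is not draining it, typically a key or password mismatch; if the list drains but the count stays zero, the event is reaching Logstash but failing the tag or fields condition in docker.conf.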
VII. Viewing Logs
1. Configure an index pattern
Click Management, then Index Patterns under Kibana, then Create index pattern (docker-localhost-* matches the indices written above).
2. View the logs
Click Discover.