Setting up Elasticsearch, Logstash, Kibana (ELK)

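There are several ways to set up ELK. In summary:
1. Download a package that bundles ELK together
2. Install E, L and K separately
3. Run ELK in Docker.
I prefer the third option, so this post mainly covers the third one.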

1 Increase the vm.max_map_count limit

On Linux, you can increase the limits by running the following command as root:
sysctl -w vm.max_map_count=262144

2 Start the ELK container

 docker run -p 5601:5601 -p 9200:9200 -p 5044:5044 -it --name elk sebp/elk

3 Log in to the container and run Logstash

docker exec -it elk /bin/bash

At the prompt, enter:

/opt/logstash/bin/logstash --path.data /tmp/logstash/data \
    -e 'input { stdin { } } output { elasticsearch { hosts => ["localhost"] } }'

Wait for Logstash to start (as indicated by the message The stdin plugin is now waiting for input:), then type some text and press Enter to create a log entry, for example:

this is dummy data

If Logstash fails to start with the following error:
Logstash could not be started because there is already another instance using the configured data directory. If you wish to run multiple instances, you must change the “path.data” setting.

run service logstash stop, then rerun the command above.

4 Open Kibana
You can now browse to Kibana’s web interface at http://<your-host>:5601 (e.g. http://localhost:5601 for a local native instance of Docker).

Make sure that the drop-down “Time-field name” field is pre-populated with the value @timestamp, then click on “Create”, and you’re good to go.
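
A preflight for steps 1 and 2, as an added example that is not part of the original post: it checks vm.max_map_count against the value from step 1 and prints the step 2 command with each port bound to 127.0.0.1, because publishing with -p 9200:9200 listens on all host interfaces. The function names are hypothetical; the image name, ports and limit are the ones used above.

```shell
#!/bin/sh
# Added example, not from the original post. Function names are hypothetical.

REQUIRED_MAP_COUNT=262144                 # value from step 1
IMAGE=sebp/elk                            # image from step 2
PORTS="5601:5601 9200:9200 5044:5044"     # HOST:CONTAINER specs from step 2

# Succeeds when the given value is a number >= the required vm.max_map_count.
map_count_ok() {
    case "$1" in ''|*[!0-9]*) return 1 ;; esac
    [ "$1" -ge "$REQUIRED_MAP_COUNT" ]
}

# Prefix a HOST:CONTAINER publish spec with 127.0.0.1.
# A spec that already names a host address (IP:HOST:CONTAINER) is kept as is.
loopback_publish() {
    case "$1" in
        *:*:*) printf '%s' "$1" ;;
        *)     printf '127.0.0.1:%s' "$1" ;;
    esac
}

# Print the step 2 command with every port reachable from this host only.
elk_run_command() {
    cmd="docker run"
    for spec in $PORTS; do
        cmd="$cmd -p $(loopback_publish "$spec")"
    done
    printf '%s -it --name elk %s\n' "$cmd" "$IMAGE"
}

# Report the current kernel setting (Linux only), then print the command.
preflight() {
    current=$(cat /proc/sys/vm/max_map_count 2>/dev/null || echo unknown)
    if map_count_ok "$current"; then
        echo "vm.max_map_count=$current: ok"
    else
        echo "vm.max_map_count=$current: run 'sysctl -w vm.max_map_count=$REQUIRED_MAP_COUNT' as root"
    fi
    elk_run_command
}

preflight
```

With the ports bound this way, Kibana is still reachable at http://localhost:5601 from the Docker host itself.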



Reposted from blog.csdn.net/u011563903/article/details/76408017