elasticsearch filebeat+logstash+elasticsearch加密传输测试
*****************************
配置文件
filebeat
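# Filebeat input: tail every *.log file in the mounted logs directory.
# Nesting is restored here; with all keys at column 0, "enabled"/"paths" are
# not part of the input and "hosts" is not part of output.logstash.
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /usr/share/filebeat/logs/*.log

# Ship events to the Logstash beats input.
# NOTE(review): no ssl.* settings are present, so this hop is plain TCP and the
# Logstash endpoint is not authenticated. For encrypted transport,
# output.logstash accepts e.g.
#   ssl.certificate_authorities: ["<PATH_TO_CA_CERT>"]   # placeholder path
# and the Logstash beats input has to be configured for TLS to match.
output.logstash:
  hosts: ["172.18.0.32:5044"]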
logstash
管道配置文件:logstash.conf
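# Receive events from Filebeat over the beats protocol.
# NOTE(review): no ssl options are set on this input, so Filebeat -> Logstash
# traffic is unencrypted and the sender is not authenticated.
input {
  beats {
    port => 5044
  }
}

filter {
  # Split each line into a leading number (document_id) and the rest (info).
  grok {
    match => { "message" => "%{NUMBER:document_id}\s+%{GREEDYDATA:info}" }
  }
  # Drop Beats metadata and the raw line. "tags" is removed as well, which
  # also discards the _grokparsefailure marker on lines that did not match.
  mutate {
    remove_field => ["host","agent","message","log","tags","input","ecs"]
  }
}

output {
  stdout { }
  # Index only events that carry a document_id. Without this guard, a line
  # that failed grok is stored under the literal id "%{document_id}", and
  # every such line overwrites the previous one.
  if [document_id] {
    elasticsearch {
      # No scheme and no ssl/cacert option: the request, including the basic
      # auth credentials below, goes over plain HTTP.
      hosts => ["172.18.0.33:9200"]
      # NOTE(review): logstash_system is the built-in account meant for
      # monitoring data. Elastic's docs describe a dedicated user with a
      # least-privilege writer role for index output; confirm this account
      # can actually write info-* in your cluster.
      user => "logstash_system"
      # Hard-coded and trivially guessable. Logstash resolves ${VAR}
      # references from the environment or its keystore, which keeps the
      # secret out of this file.
      password => "123456"
      index => "info-%{+yyyy.MM.dd}"
      # The id comes from the log line itself, so anything able to write to
      # the source log can replace an existing document in the same daily
      # index. Acceptable for a test; review before relying on it.
      document_id => "%{document_id}"
    }
  }
}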
************************
配置文件logstash.yml
# Bind the Logstash HTTP API to all interfaces inside the container.
http.host: "0.0.0.0"

# Ship Logstash monitoring data to Elasticsearch.
xpack.monitoring.enabled: true
# NOTE(review): http:// means the monitoring credentials below are sent
# without TLS.
xpack.monitoring.elasticsearch.hosts:
  - "http://172.18.0.33:9200"
xpack.monitoring.elasticsearch.username: "logstash_system"
# Hard-coded, weak password; prefer a ${VAR} reference resolved from the
# environment or the Logstash keystore.
xpack.monitoring.elasticsearch.password: "123456"
elasticsearch
# Listen on all interfaces inside the container (HTTP and transport).
http.host: "0.0.0.0"
network.host: "0.0.0.0"

# Single-node cluster for testing.
discovery.type: single-node
discovery.seed_hosts:
  - "172.18.0.33"

# CORS is open to every origin: any web page may issue cross-origin requests
# to the HTTP API. Restrict allow-origin to the one UI origin that needs it.
http.cors.enabled: true
http.cors.allow-origin: "*"

# Turns on authentication. No xpack.security.http.ssl.* or
# xpack.security.transport.ssl.* settings are present, so HTTP and transport
# traffic, including basic-auth credentials, are not encrypted.
xpack.security.enabled: true
*****************************
创建容器
filebeat
# Start Filebeat detached on the "fixed" network with a static IP. The host's
# filebeat.yml and log directory are bind-mounted into the container.
# No ports are published: Filebeat only makes outbound connections to Logstash.
docker run --interactive --tty --detach --network fixed --ip 172.18.0.31 \
  --volume /usr/elasticsearch/elk/filebeat/config/filebeat.yml:/usr/share/filebeat/filebeat.yml \
  --volume /usr/elasticsearch/elk/filebeat/logs:/usr/share/filebeat/logs \
  --name filebeat docker.elastic.co/beats/filebeat:7.5.1
logstash
# Start Logstash in the foreground on the "fixed" network with a static IP,
# mounting the pipeline definition and logstash.yml from the host.
# NOTE(review): publishing 5044:5044 binds the beats port on every host
# interface, and that input has no TLS or client authentication. Filebeat in
# this setup talks to 172.18.0.32 on the container network, so publish the
# port only if shippers outside the host need it (or bind it to a specific
# host address).
docker run --interactive --tty --network fixed --ip 172.18.0.32 --publish 5044:5044 \
  --volume /usr/elasticsearch/elk/logstash/config/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \
  --volume /usr/elasticsearch/elk/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml \
  --name logstash docker.elastic.co/logstash/logstash:7.5.1
elasticsearch
# Start a single Elasticsearch node in the foreground with a 512 MB heap,
# mounting elasticsearch.yml from the host.
# NOTE(review): container ports 9200 (HTTP) and 9300 (transport) are published
# as 9202/9302 on every host interface. With no TLS configured, credentials
# sent to 9202 cross the network in cleartext; bind to a specific host address
# or leave the ports unpublished unless external access is required.
docker run --interactive --tty --network fixed --ip 172.18.0.33 \
  --publish 9202:9200 --publish 9302:9300 \
  --env ES_JAVA_OPTS="-Xms512m -Xmx512m" \
  --volume /usr/elasticsearch/elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
  --name es-single elasticsearch:7.5.1
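说明:先启动elasticsearch,设置好内置用户的密码(例如在容器内执行 bin/elasticsearch-setup-passwords interactive)后,再启动logstash、filebeat。注意:本页给出的配置只启用了用户名/密码认证,没有配置TLS,filebeat→logstash→elasticsearch之间的数据和密码仍以明文传输;示例密码123456仅用于测试,实际使用时应换成强口令。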
*****************************
相关输出
logstash控制台输出
查看elasticsearch文档