【前言】
为了更加真实的模拟生产部署环境,在上次的Docker环境中(《Docker安装kibana(超详细图文教程)》)中安装了kibana,本次我们将安装日志清洗组件---logstash把步骤记录下来,一是方便自己以后安装,二是可以为大家做参考共享。
【一句总结一张架构图】
一、一句话总结学完本篇博文,你将学到什么?
Docker安装Logstash,优化,Docker常用命令
二、架构图
【Docker安装logstash】
一、环境:
1、Windows系统(本人是win10环境)
2、VMware10.0.1
3、Centos 7.4
4、Xshell5
5、Docker 19.03
6、Elasticsearch 7.2.0
7、Kibana 7.2.0
8、Logstash 7.2.0
二、安装步骤:
1、拉取logstash 7.2.0镜像
docker pull logstash:7.2.0
2、在宿主主机上创建logstash目录
mkdir /data/elk/logstash -p
3、宿主主机上创建logstash.yml配置文件
vim logstash.yml
logstash.yml内容如下:
http.port: 5044
4、宿主主机上创建logstash.conf配置文件
vim logstash.conf
logstash.yml内容如下:
input {
beats {
port => 5045
codec => json
}
}
filter {
if [fields][service] == "zhboot" {
date {
match => [ "requestTime" , "yyyy-MM-dd HH:mm:ss" ]
target => "@timestamp"
}
mutate {
remove_field => "parent"
remove_field => "meta"
remove_field => "trace"
remove_field => "tags"
remove_field => "prospector"
remove_field => "span"
remove_field => "fields"
remove_field => "severity"
remove_field => "@version"
remove_field => "exportable"
remove_field => "input"
remove_field => "pid"
remove_field => "thread"
remove_field => "beat"
remove_field => "host"
remove_field => "offset"
remove_field => "log"
}
}
}
output {
elasticsearch {
hosts => ["172.17.0.2:9200"]
index => "%{[esindex]}_%{+YYYYMM}"
}
}
5、启动logstash容器
docker run -p 5044:5044 -p 5045:5045 --name lst -d -v /data/elk/logstash/logstash.conf:/usr/share/logstash/config/logstash.conf -v /data/elk/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml logstash:7.2.0 -f /usr/share/logstash/config/logstash.conf
三、检查logstash服务:
1、查看logstash容器日志
docker logs lst
【总结】
软件开发和生活是一样一样的,拿Logstash来说,将数据清洗放入到ES中,我们平常生活中整理东西也是将东西归整好放入橱柜。