• 实战:使用Docker Compose运行ELK
    • 参考文档

    实战:使用Docker Compose运行ELK

    • ElasticSearch【存储】
    • Logtash【日志聚合器】
    • Kibana【界面】

    答案:

    1. version: '2'
    2. services:
    3.  elasticsearch:
    4.   image: elasticsearch
    5.   # command: elasticsearch
    6.   ports:
    7.    - "9200:9200"   # REST API端口
    8.    - "9300:9300"   # RPC端口
    9.  logstash:
    10.   image: logstash
    11.   command: logstash -f /etc/logstash/conf.d/logstash.conf
    12.   volumes:
    13.    - ./config:/etc/logstash/conf.d
    14.    - /opt/build:/opt/build
    15.   ports:
    16.    - "5000:5000"
    17.  kibana:
    18.   image: kibana
    19.   environment:
    20.    - ELASTICSEARCH_URL=http://elasticsearch:9200
    21.   ports:
    22.    - "5601:5601"

    logstash.conf 参考示例:

    1. input {
    2.   file {
    3.     codec => json
    4.     path => "/opt/build/*.json"
    5.   }
    6. }
    7. filter {
    8.   grok {
    9.     match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}\s+%{LOGLEVEL:severity}\s+\[%{DATA:service},%{DATA:trace},%{DATA:span},%{DATA:exportable}\]\s+%{DATA:pid}---\s+\[%{DATA:thread}\]\s+%{DATA:class}\s+:\s+%{GREEDYDATA:rest}" }
    10.   }
    11. }
    12. output {
    13.   elasticsearch {
    14.     hosts => "elasticsearch:9200"
    15.   }
    16. }

    参考文档

    https://docs.docker.com/compose/samples-for-compose/#samples-tailored-to-demo-compose