ELK Basic Configuration


laradock configuration

Configure the yml

> filebeat.yml
filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false
  # module: nginx
  #   access: 
  #     var.paths: ["/usr/share/filebeat/logs/laradock/nginx/laravel_access.log"]

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /usr/share/filebeat/logs/laradock/*/*.log

# output.elasticsearch:
#   hosts: 'elasticsearch:9200'
#   username: '${ELASTICSEARCH_USERNAME:}'
#   password: '${ELASTICSEARCH_PASSWORD:}'

output.logstash:
  hosts: "logstash:5044"

setup.kibana:
  host: "kibana:5601"
  

Set up the volume mapping


### filebeat ###################################################
filebeat:
  container_name: filebeat
  image: store/elastic/filebeat:7.1.1
  # --strict.perms=false disables Filebeat's ownership/permission check on filebeat.yml
  command: --strict.perms=false
  networks:
    - frontend
    - backend
  volumes:
    - ./filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml
    - ./logs:/usr/share/filebeat/logs/laradock

Start


docker-compose up -d filebeat kibana logstash elasticsearch

filebeat

Input

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /var/log/*.log
    

paths: to collect logs from subdirectories, use a glob (each * matches exactly one path level), for example:

/var/*/*.log

Output

output.elasticsearch:
    hosts: ["myEShost:9200"]
    

When Elasticsearch and Kibana are protected (authentication required)

cloud.auth: "elastic:YOUR_PASSWORD"

output.elasticsearch:
  hosts: ["myEShost:9200"]
  username: "filebeat_internal"
  password: "YOUR_PASSWORD" 
setup.kibana:
  host: "mykibanahost:5601"
  username: "my_kibana_user"  
  password: "YOUR_PASSWORD"
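
A pre-flight check for the host-side filebeat.yml, as an added example that is not part of the original post or of Filebeat. It flags the two risks visible in the configs above: literal credentials (instead of `${VAR}` references resolved from the environment or the Filebeat keystore) and a config file writable by group or others, which is the condition `--strict.perms=false` stops Filebeat from rejecting. The function name `audit_filebeat_config` and the sample file are constructed for illustration.

```shell
#!/bin/sh
# Hypothetical helper (not a Filebeat command): audit a filebeat.yml on the
# host before it is bind-mounted into the container.
# Prints one finding per line; returns 0 when clean, 1 when anything is found.
audit_filebeat_config() {
    cfg=$1
    rc=0
    if [ ! -f "$cfg" ]; then
        echo "missing: $cfg"
        return 1
    fi

    # The write-permission part of the check that --strict.perms=false turns
    # off: the file must not be writable by group or others (fix: chmod go-w).
    if [ -n "$(find "$cfg" -prune \( -perm -020 -o -perm -002 \))" ]; then
        echo "perms: $cfg is writable by group or others"
        rc=1
    fi

    # Active (uncommented) password / cloud.auth keys whose value is a literal
    # rather than a ${VAR} reference.
    hits=$(grep -nE '^[[:space:]]*(password|cloud\.auth):' "$cfg" || true)
    while IFS= read -r line; do
        case $line in
            '') ;;            # no matches at all
            *'${'*) ;;        # value comes from a variable reference
            *) echo "secret: literal credential at line ${line%%:*}"; rc=1 ;;
        esac
    done <<EOF
$hits
EOF
    return $rc
}

# Constructed sample input: a literal password as in the config above.
sample=$(mktemp)
printf '%s\n' 'output.elasticsearch:' '  password: "YOUR_PASSWORD"' > "$sample"
audit_filebeat_config "$sample" || echo "-> fix the findings above before starting the container"
rm -f "$sample"
```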
  

Test whether the configuration is valid

Here we are using docker-compose

# Enter the filebeat container
docker-compose exec filebeat bash 

# step1
./filebeat test help

# step2 (check that the configuration is valid)
./filebeat test config -e

# step3 (check that the output is working)
./filebeat test output -e


Start

./filebeat -e -c filebeat.yml -d "publish"

logstash

Create a new configuration

> first-pipeline.conf
input {
    beats {
        port => "5044"
    }
}
# The filter part of this file is commented out to indicate that it is
# optional.
# filter {
#
# }
output {
    elasticsearch {
        hosts => [ "elasticsearch:9200" ]
    }
}

Start:


bin/logstash -f ./pipeline/first-pipeline.conf --config.reload.automatic

Test the configuration

bin/logstash -f ./pipeline/first-pipeline.conf --config.test_and_exit

Docker helper commands

Stop and remove all containers (this affects every container on the host, not only this stack)

docker kill $(docker ps -q); docker rm $(docker ps -a -q)
