Elasticsearch 装置
1. 下载 Elasticsearch 7.6.2 的 docker 镜像:
docker pull elasticsearch:7.6.2
2. 批改虚拟内存区域大小,否则会因为过小而无奈启动:
sysctl -w vm.max_map_count=262144
3. 应用如下命令启动 Elasticsearch 服务:
docker run -p 9200:9200 -p 9300:9300 --name elasticsearch \
-e "discovery.type=single-node" \
-e "cluster.name=elasticsearch" \
-v /mydata/elasticsearch/plugins:/usr/share/elasticsearch/plugins \
-v /mydata/elasticsearch/data:/usr/share/elasticsearch/data \
-d elasticsearch:7.6.2
4. 启动时会发现 /usr/share/elasticsearch/data 目录没有拜访权限,只须要批改 /mydata/elasticsearch/data 目录的权限,再重新启动即可;
chmod 777 /mydata/elasticsearch/data/
docker restart elasticsearch
5. 装置中文分词器 IKAnalyzer,并重新启动:
docker exec -it elasticsearch /bin/bash
elasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.6.2/elasticsearch-analysis-ik-7.6.2.zip
6. 重启 elasticsearch:
docker restart elasticsearch
7. 开启防火墙:
firewall-cmd --zone=public --add-port=9200/tcp --permanent
firewall-cmd --reload
8. 拜访会返回版本信息:http:// 虚拟机 IP:9200
Logstash 装置
1. 下载 Logstash 7.6.2 的 docker 镜像:
docker pull logstash:7.6.2
2. 创立 /mydata/logstash 目录,并将 Logstash 的配置文件 logstash.conf 拷贝到该目录:
mkdir /mydata/logstash
logstash.conf 配置文件内容
input {
tcp {
mode => "server"
host => "0.0.0.0"
port => 4560
codec => json_lines
type => "debug"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4561
codec => json_lines
type => "error"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4562
codec => json_lines
type => "business"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4563
codec => json_lines
type => "record"
}
}
filter{if [type] == "record" {
mutate {
remove_field => "port"
remove_field => "host"
remove_field => "@version"
}
json {
source => "message"
remove_field => ["message"]
}
}
}
output {
elasticsearch {
hosts => "es:9200"
index => "logstash-%{type}-%{+YYYY.MM.dd}"
}
}
3. 应用如下命令启动 Logstash 服务
docker run --name logstash -p 4560:4560 -p 4561:4561 -p 4562:4562 -p 4563:4563 \
--link elasticsearch:es \
-v /mydata/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \
-d logstash:7.6.2
3. 进入容器外部,装置 json_lines 插件
docker exec -it logstash /bin/bash
logstash-plugin install logstash-codec-json_lines
Kibana 装置
1. 下载 Kibana 7.6.2 的 docker 镜像:
docker pull kibana:7.6.2
2. 应用如下命令启动 Kibana 服务:
docker run --name kibana -p 5601:5601 \
--link elasticsearch:es \
-e "elasticsearch.hosts=http://es:9200" \
-d kibana:7.6.2
3. 开启防火墙:
firewall-cmd --zone=public --add-port=5601/tcp --permanent
firewall-cmd --reload
4. 拜访地址进行测试:http:// 虚拟机 IP:5601