Elasticsearch装置

1. 下载Elasticsearch 7.6.2 的docker镜像：

docker pull elasticsearch:7.6.2

2. 批改虚拟内存区域大小，否则会因为过小而无奈启动:

sysctl -w vm.max_map_count=262144

3. 应用如下命令启动Elasticsearch服务：

 docker run -p 9200:9200 -p 9300:9300 --name elasticsearch \-e "discovery.type=single-node" \-e "cluster.name=elasticsearch" \-v /mydata/elasticsearch/plugins:/usr/share/elasticsearch/plugins \-v /mydata/elasticsearch/data:/usr/share/elasticsearch/data \-d elasticsearch:7.6.2

4. 启动时会发现 /usr/share/elasticsearch/data 目录没有拜访权限，只须要批改 /mydata/elasticsearch/data 目录的权限，再重新启动即可；

chmod 777 /mydata/elasticsearch/data/docker restart elasticsearch

5. 装置中文分词器IKAnalyzer，并重新启动：

docker exec -it elasticsearch /bin/bashelasticsearch-plugin install https://github.com/medcl/elasticsearch-analysis-ik/releases/download/v7.6.2/elasticsearch-analysis-ik-7.6.2.zip

6. 重启elasticsearch：

docker restart elasticsearch

7. 开启防火墙：

firewall-cmd --zone=public --add-port=9200/tcp --permanentfirewall-cmd --reload

8. 拜访会返回版本信息：http://虚拟机IP:9200

Logstash装置

1. 下载Logstash 7.6.2 的docker镜像：

docker pull logstash:7.6.2

2. 创立 /mydata/logstash 目录，并将Logstash的配置文件 logstash.conf 拷贝到该目录：

mkdir /mydata/logstash

logstash.conf配置文件内容

input {tcp {mode => "server"host => "0.0.0.0"port => 4560codec => json_linestype => "debug"}tcp { mode => "server" host => "0.0.0.0" port => 4561 codec => json_lines type => "error" } tcp { mode => "server" host => "0.0.0.0" port => 4562 codec => json_lines type => "business" } tcp { mode => "server" host => "0.0.0.0" port => 4563 codec => json_lines type => "record" }}filter{ if [type] == "record" { mutate { remove_field => "port" remove_field => "host" remove_field => "@version" } json { source => "message" remove_field => ["message"] } }}output { elasticsearch { hosts => "es:9200" index => "logstash-%{type}-%{+YYYY.MM.dd}" }}

3. 应用如下命令启动Logstash服务

docker run --name logstash -p 4560:4560 -p 4561:4561 -p 4562:4562 -p 4563:4563 \--link elasticsearch:es \-v /mydata/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \-d logstash:7.6.2

3. 进入容器外部，装置 json_lines 插件

docker exec -it logstash /bin/bashlogstash-plugin install logstash-codec-json_lines

Kibana装置

1. 下载Kibana 7.6.2 的docker镜像：

docker pull kibana:7.6.2

2. 应用如下命令启动Kibana服务：

docker run --name kibana -p 5601:5601 \--link elasticsearch:es \-e "elasticsearch.hosts=http://es:9200" \-d kibana:7.6.2

3. 开启防火墙：

firewall-cmd --zone=public --add-port=5601/tcp --permanentfirewall-cmd --reload

4. 拜访地址进行测试：http://虚拟机IP:5601