2025-01-18 Update From: SLTechnology News&Howtos shulou
Shulou(Shulou.com)06/01 Report--
This article explains how to use Docker to build an ELK log system. The method introduced here is simple, fast and practical.
The following installations use the ~/ directory as the installation root.
Elasticsearch
Download the image:
$ sudo docker pull elasticsearch:5.5.0
Run the elasticsearch container:
$ sudo docker run -it -d -p 9200:9200 -p 9300:9300 \
    -v ~/elasticsearch/data:/usr/share/elasticsearch/data \
    --name myes elasticsearch:5.5.0
In particular, if you use v6 or above, a JDK-related error appears. Check the container log:
$ docker logs -f myes
View the log:
OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.
An explanation found online says roughly the following:
JDK 9 is not very friendly to Elasticsearch (the version is too new); you must use JDK 8. I use jdk8u152 (jdk-8u152-windows-x64.exe). If you use JDK 9 and elasticsearch-rtf (v5.1.1), the following error will occur. Please note that JDK 9 must be used with Elasticsearch 6.0, otherwise the MSI downloaded from the official website cannot be installed successfully; the reason has not been carefully checked.
So this is a tricky problem, and I might as well just install the stable v5.5.0 version.
Logstash
Download the image:
$ sudo docker pull logstash:5.5.0
Create a new configuration file:
$ mkdir -p ~/logstash/conf.d && cd ~/logstash/conf.d
$ vim logstash.conf
logstash.conf:
input {
    beats {
        port => 5044    # this port needs to be the same as the port in filebeat.yml
    }
    file {
        path => "/data/logs"
        # start_position => "beginning"
    }
}
filter {
    # grok {
    #     match => { "message" => "%{COMBINEDAPACHELOG}" }
    # }
    # date {
    #     match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
    # }
    grok {
        # MYSELF is a custom pattern; it must be defined in a file under patterns_dir
        patterns_dir => "/etc/logstash/conf.d/patterns"
        match => { "message" => "%{TIMESTAMP_ISO8601:time}\s%{MYSELF:msgid}%{MYSELF:method}%{MYSELF:userinfo}\s%{LOGLEVEL:level}\s%{MYSELF:thread}%{MYSELF:application}%{MYSELF:ip}" }
    }
    date {
        # match => ["time", "yyyy-MM-dd HH:mm:ss,SSS"]
        match => ["time", "ISO8601"]
        target => "@timestamp"
        timezone => "Asia/Phnom_Penh"
    }
}
output {
    stdout {
        codec => rubydebug
    }
    elasticsearch {
        action => "index"
        hosts => ["172.17.10.114:9200"]
        index => "%{[fields][indexname]}-%{+YYYY.MM.dd}"
    }
}
Run the logstash container:
$ sudo docker run -it -d -p 5044:5044 \
    -v ~/logstash/conf.d:/etc/logstash/conf.d \
    -v ~/logstash/data/logs:/data/logs \
    --name logstash logstash:5.5.0 \
    -f /etc/logstash/conf.d/logstash.conf
Kibana
Download the image:
$ sudo docker pull kibana:5.5.0
Create a new configuration file:
$ mkdir ~/kibana && cd ~/kibana
$ vim kibana.yml
kibana.yml:
server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://172.17.10.114:9200"
Run the kibana container:
$ sudo docker run -it -d -p 5601:5601 \
    -v ~/kibana:/etc/kibana \
    --name kibana kibana:5.5.0
Filebeat
Filebeat needs to be deployed on each server whose logs are to be collected.
Download the image:
$ sudo docker pull docker.elastic.co/beats/filebeat:5.5.0
Create a new configuration file (~/filebeat/filebeat.yml):
filebeat.prospectors:
- type: log
  paths:
    - ~/filebeat/logs    # specify the path to the log files to be collected
  fields:
    indexname: xxx       # fill in the project name here, corresponding to index => "%{[fields][indexname]}-%{+YYYY.MM.dd}"
output.logstash:
  hosts: ["172.17.10.114:5044"]
Run the filebeat container:
$ sudo docker run -it -d \
    -v ~/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml \
    --name filebeat docker.elastic.co/beats/filebeat:5.5.0
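The `docker run` commands above publish ports 9200, 9300, 5044 and 5601 without a host address, so Docker listens on every host interface, and nothing on this page configures authentication for those services. The shell check below is an added example, not part of the original article: it reads `docker port` output, lists the wildcard bindings and prints a `-p` flag bound to a single address. The sample lines are constructed and the function names are hypothetical.

```bash
#!/usr/bin/env bash
# Added example: flag published ports that listen on every host interface.
# Input lines: "<container> <port>/<proto> -> <host_ip>:<host_port>", i.e.
# `docker port <container>` output with the container name prefixed.

# Collect live data for the containers named on this page (needs Docker).
collect_ports() {
  for c in myes logstash kibana; do
    docker port "$c" | sed "s/^/$c /"
  done
}

# Constructed sample of what publishing without a host address produces;
# the kibana line shows a loopback-only binding for contrast.
sample_ports() {
  cat <<'EOF'
myes 9200/tcp -> 0.0.0.0:9200
myes 9300/tcp -> :::9300
logstash 5044/tcp -> 0.0.0.0:5044
kibana 5601/tcp -> 127.0.0.1:5601
EOF
}

# Print "<container> <host_port> <container_port>" for wildcard bindings.
find_wildcard_binds() {
  awk '$3 == "->" {
    n = split($4, parts, ":"); host_port = parts[n]
    host = $4; sub(/:[0-9]+$/, "", host)      # drop the trailing :port
    split($2, cport, "/")                     # strip the /tcp suffix
    if (host == "0.0.0.0" || host == "::" || host == "[::]")
      print $1, host_port, cport[1]
  }'
}

# Turn each finding into a -p flag bound to one address ($1, default loopback).
suggest_publish_flags() {
  addr="${1:-127.0.0.1}"
  find_wildcard_binds | while read -r name host_port cport; do
    echo "$name: -p $addr:$host_port:$cport"
  done
}

# Demo on the constructed sample; use `collect_ports` instead on a real host.
sample_ports | suggest_publish_flags 172.17.10.114
```

Port 5044 has to stay reachable from the servers running Filebeat, so bind it to the internal address those servers use rather than to loopback.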
A flow chart of the ELK structure is attached:
At this point, you should have a deeper understanding of how to use Docker to build an ELK log system. Try it out in practice.