
Detailed instructions on rapid deployment of ELK environment using Docker (latest version 5.5.1)

2025-01-18 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/02 Report--

After installing Docker on the Linux server, pull the relevant official Docker images:

    docker pull docker.elastic.co/elasticsearch/elasticsearch:5.5.1
    docker pull docker.elastic.co/kibana/kibana:5.5.1
    docker pull docker.elastic.co/logstash/logstash:5.5.1

Start the Elasticsearch container:

    docker run -p 9200:9200 -e "http.host=0.0.0.0" -e "transport.host=127.0.0.1" \
      --name my-elastic -d docker.elastic.co/elasticsearch/elasticsearch:5.5.1

Start the Kibana container:

    docker run -p 5601:5601 -e "ELASTICSEARCH_URL=http://localhost:9200" --name my-kibana \
      --network host -d docker.elastic.co/kibana/kibana:5.5.1

Create logstash/logstash.yml and configure xpack to monitor logstash:

    http.host: "0.0.0.0"
    path.config: /usr/share/logstash/pipeline
    xpack.monitoring.elasticsearch.url: http://localhost:9200
    xpack.monitoring.elasticsearch.username: elastic
    xpack.monitoring.elasticsearch.password: changeme

Create logstash/conf.d/logstash.conf and configure the Logstash input and output:

    input {
      file {
        path => "/tmp/access_log"
        start_position => "beginning"
      }
    }
    output {
      elasticsearch {
        hosts => ["localhost:9200"]
        user => "elastic"
        password => "changeme"
      }
    }

Start the Logstash container:

    docker run -v /home/ubuntu/logstash/conf.d:/usr/share/logstash/pipeline/:ro -v /tmp:/tmp:ro \
      -v /home/ubuntu/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml:ro --name my-logstash \
      --network host -d docker.elastic.co/logstash/logstash:5.5.1

To test it, append two lines to /tmp/access_log:

    echo "Hello World!" >> /tmp/access_log
    echo "Hello ELK!" >> /tmp/access_log

Open Kibana at http://yourhost:5601 and log in with the username/password elastic/changeme. Click the Create button on the "Configure an index pattern" page. Click the Monitor menu to view the status of the ELK node.

Click the Discover menu in Kibana to see the relevant log information:

Deploying an Elasticsearch cluster

Elastic officially provides a way to start an Elasticsearch cluster with docker-compose. Install docker-compose first.

    curl -L https://github.com/docker/compose/releases/download/1.15.0/docker-compose-Linux-x86_64 \
      > /usr/local/bin/docker-compose
    sudo chmod +x /usr/local/bin/docker-compose
    docker-compose --version

Create an elasticsearch/docker-compose.yml file:

    version: '2'
    services:
      elasticsearch2:
        image: docker.elastic.co/elasticsearch/elasticsearch:5.5.1
        container_name: elasticsearch2
        environment:
          - cluster.name=docker-cluster
          - bootstrap.memory_lock=true
          - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
        ulimits:
          memlock:
            soft: -1
            hard: -1
        mem_limit: 1g
        volumes:
          - esdata1:/usr/share/elasticsearch/data
        ports:
          - 9200:9200
        networks:
          - esnet
      elasticsearch3:
        image: docker.elastic.co/elasticsearch/elasticsearch:5.5.1
        environment:
          - cluster.name=docker-cluster
          - bootstrap.memory_lock=true
          - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
          - "discovery.zen.ping.unicast.hosts=elasticsearch2"
        ulimits:
          memlock:
            soft: -1
            hard: -1
        mem_limit: 1g
        volumes:
          - esdata2:/usr/share/elasticsearch/data
        networks:
          - esnet
    volumes:
      esdata1:
        driver: local
      esdata2:
        driver: local
    networks:
      esnet:

Append a line to the /etc/sysctl.conf file:

    vm.max_map_count = 262144

Execute the command to apply the change:

    sudo sysctl -p

Start the Elasticsearch cluster by executing the following commands in the directory where docker-compose.yml is located:

    docker stop my-elastic && docker rm my-elastic
    docker-compose up &

From the Monitor menu in Kibana, you can see that the Elasticsearch cluster is working properly:

Change the default password

The default account and password for the Elastic Docker images are elastic/changeme. It is not safe to use the default password. Suppose you want to change the password to elastic0. Execute the following command on the server where Docker runs to change the password of the user elastic:

    curl -XPUT -u elastic 'localhost:9200/_xpack/security/user/elastic/_password' -H "Content-Type: application/json" \
      -d '{"password": "elastic0"}'

Set the password and restart Kibana:

    docker stop my-kibana && docker rm my-kibana
    docker run -p 5601:5601 -e "ELASTICSEARCH_URL=http://localhost:9200" -e "ELASTICSEARCH_PASSWORD=elastic0" \
      --name my-kibana --network host -d docker.elastic.co/kibana/kibana:5.5.1

Change the password in logstash/logstash.yml and logstash/conf.d/logstash.conf, then restart the Logstash service:

    docker restart my-logstash
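The article does not show the edit to the two Logstash files. As an added example (not part of the original article), the script below replaces the password in both files and fails if `changeme` is still present anywhere under the directory. The function names and the sample tree are constructed for illustration, and it assumes a password that contains neither `"` nor `\`.

```bash
#!/usr/bin/env bash
# Added example. Paths mirror the article's logstash/ directory; sample data is constructed.

# Rewrite FILE in place (same inode) with the sed expression EXPR.
rewrite() {
  local out
  out=$(sed -e "$2" "$1") && printf '%s\n' "$out" > "$1"
}

# Set the elastic password in DIR/logstash.yml and DIR/conf.d/logstash.conf.
update_logstash_password() {
  local dir="$1" new="$2" esc
  case "$new" in
    ''|*'"'*|*'\'*) printf '%s\n' 'password is empty or contains " or \' >&2; return 2 ;;
  esac
  # Escape the characters that are special in a sed replacement (| is the delimiter).
  esc=$(printf '%s' "$new" | sed 's/[&|]/\\&/g')
  rewrite "$dir/logstash.yml" \
    "s|^xpack\.monitoring\.elasticsearch\.password:.*|xpack.monitoring.elasticsearch.password: \"${esc}\"|"
  rewrite "$dir/conf.d/logstash.conf" \
    "s|\(password[[:space:]]*=>[[:space:]]*\)\"[^\"]*\"|\1\"${esc}\"|"
}

# Return 1 and list the files under DIR that still contain the default password.
check_no_default_password() {
  local hits
  hits=$(grep -rlF 'changeme' "$1" 2>/dev/null || true)
  [ -z "$hits" ] && return 0
  printf 'default password still present in:\n%s\n' "$hits" >&2
  return 1
}

# Constructed sample tree with the same password lines as the article's two files.
make_sample_tree() {
  local d
  d=$(mktemp -d)
  mkdir -p "$d/conf.d"
  printf '%s\n' 'http.host: "0.0.0.0"' 'xpack.monitoring.elasticsearch.username: elastic' \
    'xpack.monitoring.elasticsearch.password: changeme' > "$d/logstash.yml"
  printf '%s\n' 'output { elasticsearch { hosts => ["localhost:9200"]' \
    '  user => "elastic" password => "changeme" } }' > "$d/conf.d/logstash.conf"
  echo "$d"
}

# Demo on the constructed tree only; on a real host read the password with `read -rs`.
demo_dir=$(make_sample_tree)
update_logstash_password "$demo_dir" 'N3w&Passphrase-example'
check_no_default_password "$demo_dir" && echo "updated files under $demo_dir are clean"
rm -rf "$demo_dir"
```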

To test it, append two lines to /tmp/access_log:

    echo "Hello World!" >> /tmp/access_log
    echo "Hello ELK!" >> /tmp/access_log

Open Kibana at http://yourhost:5601 and log in with the username/password elastic/elastic0. Click the Create button on the "Configure an index pattern" page. Click the Monitor menu to view the status of the ELK node. The default password has been changed successfully.

The above is the whole content of this article, I hope it will be helpful to your study, and I also hope that you will support it.
