Shulou(Shulou.com)06/02 Report--

This article is about how to quickly build ELK based on Docker. The editor thinks it is very practical, so share it with you as a reference and follow the editor to have a look.

Based on the self-built Docker platform, a complete ELK system is built quickly, and the relevant images are obtained directly from the Docker Hub, which can quickly realize log collection, analysis and retrieval.

Prepare for Mirror

Get ES image: docker pull elasticsearch:latest

Get kibana image: docker pull kibana:latest

Get logstash image: docker pull logstash:latest

Start Elasticsearch

The configuration file of ES in the official image is saved in / usr/share/elasticsearch/config, which can be mapped to the host if necessary; the data file directory / usr/share/elasticsearch/data, where we map the data directory; and the container provides port 9200 by default for API interaction.

Docker run-- name elasticsearch\-v "$PWD/esdata": / usr/share/elasticsearch/data\-p 9200 PWD/esdata 9200\-d elasticsearch

After the container is started, you can call one to verify it:

Start Kibana

As the UI of ES operation, Kibana needs to communicate with the ES container, so here you need to link the ES container and provide port 5601 for page interaction.

Docker run-- name kibana\-- link elasticsearch:elasticsearch\-- p 5601 link elasticsearch:elasticsearch 5601\-d kibana

After the container is launched, you can access port 5601 with a browser to see the kibana page. The first visit may prompt that the default index has not been established. Here, you need to create a default index on the management page. The default index is usually called logstash-*,. Create a default index as shown in the following figure.

Start Logstash

The main function of Logstash is to collect logs. This component has many plug-ins, which can support most log integration methods, such as tcp, udp, jdbc, files, queues, etc. Its configuration is very simple, and the startup method is also very simple. Here, we take the access log of nginx as an example. We configure logstash to read the access.log of nginx, and then forward the log to Elasticsearch.

First, compile a logstash configuration file, logstash.conf, with the following contents:

Input {file {path= > "/ tmp/nginx/logs/access.log"} output {stdout {} # log output to console # output to es elasticsearch {hosts= > "100.100.x.231"}}

Start the container. Here we put the nginx log in / tmp/nginx/logs/access.log. In order for the container to read this log, you need to map the log directory to the container.

Docker run-it-rm-v / tmp/nginx/logs/access.log:/tmp/nginx/logs/access.log-f / config-dir/logstash.conf

Next, we can test the whole process of log collection and display. First of all, create some access logs in nginx, such as directly adjusting the nginx service port by curl, or writing data directly to access.log. At this point, we can see the following log output in the logstash container:

After that, open the Kibana page to see the log data written in real time:

Summary

Docker container makes it very convenient to build ELK. Through ELK, you can quickly analyze and retrieve logs and find problems. Several core contributors to ELK have set up a company called Elastic, which currently has some cooperation with our company. On the basis of open source, the company has also released some commercial products called X-Pack, which provides many enhancements in machine learning, graphics algorithms and security technology, which interested students can understand for themselves.

Thank you for reading! This is the end of this article on "how to quickly build ELK based on Docker". I hope the above content can be of some help to you, so that you can learn more knowledge. if you think the article is good, you can share it for more people to see!

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.