第一步,拉去镜像
kibana 7.7.1 6de54f813b39 8 months ago 1.2GB elasticsearch 7.7.1 830a894845e3 8 months ago 804MB docker.elastic.co/beats/filebeat 7.7.1 a4c1bdadf04d 8 months ago 456MB
第二步,启动es
[root@VM-0-15-centos ~]# docker run -d -e ES_JAVA_POTS="-Xms512m -Xmx512m" -e "discovery.type=single-node" -p 9200:9200 -p 9300:9300 --name es 830a894845e3 e75ea7daacc912b43b07f85f0ebf3719ae581cb9463595649b9d576e3255c5db [root@VM-0-15-centos ~]# [root@VM-0-15-centos ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e75ea7daacc9 830a894845e3 "/tini -- /usr/local…" 3 seconds ago Up 1 second 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp es
验证es,出现如下显示,代表ok
[root@VM-0-15-centos ~]# curl 127.0.0.1:9200 { "name" : "e75ea7daacc9", "cluster_name" : "docker-cluster", "cluster_uuid" : "fRca9tI6R5ucaPXaUqbw7w", "version" : { "number" : "7.7.1", "build_flavor" : "default", "build_type" : "docker", "build_hash" : "ad56dce891c901a492bb1ee393f12dfff473a423", "build_date" : "2020-05-28T16:30:01.040088Z", "build_snapshot" : false, "lucene_version" : "8.5.1", "minimum_wire_compatibility_version" : "6.8.0", "minimum_index_compatibility_version" : "6.0.0-beta1" }, "tagline" : "You Know, for Search" }
第三步,启动kibana,--link es容器id:别名,这样目的是让kibana和es共享一个网络,并且可以通过别名解析
[root@VM-0-15-centos ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e75ea7daacc9 830a894845e3 "/tini -- /usr/local…" 2 minutes ago Up 2 minutes 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp es
[root@VM-0-15-centos ~]# docker run --link e75ea7daacc9:elasticsearch -p 5601:5601 -d --name kibana 6de54f813b39 9e4db19611eb509e0c3e698f9cf8363f256135a01c74555a8c5c341ce62f561e
打开浏览器,验证一下,能出现这个界面代表没问题
第四步,启动filebeat,注意,这里有坑,往下看
我们在启动filebeat的时候需要用到容器下面的/usr/share/filebeat目录下的所有文件,但是我们-v去映射的时候是宿主机的目录跟容器目录去映射,本来容器内有很多文件的,但是我们-v映射后变成空目录,导致起不来,所以我们需要先启动filebeat然后再把容器内部的文件复制到宿主机
[root@VM-0-15-centos ~]# docker run -d --name filebeat a4c1bdadf04d 84e57c04bd13007c1524923f60790a971943cef6200dbe21bc636642e10a21b6 [root@VM-0-15-centos ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 84e57c04bd13 a4c1bdadf04d "/usr/local/bin/dock…" 10 seconds ago Up 9 seconds filebeat 9e4db19611eb 6de54f813b39 "/usr/local/bin/dumb…" 6 minutes ago Up 6 minutes 0.0.0.0:5601->5601/tcp kibana e75ea7daacc9 830a894845e3 "/tini -- /usr/local…" 8 minutes ago Up 8 minutes 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp es
[root@VM-0-15-centos ~]# docker cp filebeat:/usr/share/filebeat /data/ [root@VM-0-15-centos ~]# cd /data/ [root@VM-0-15-centos data]# ls filebeat minikube
这时候我们可以-v去映射目录了,但是........还有坑,我们用docker cp命令复制完之后权限发生了改变,你会发现还是起不来,给特权也不行,如下:
[root@VM-0-15-centos data]# docker run -d --restart=always --name=filebeat --privileged=true -v /data/filebeat/:/usr/share/filebeat/ -v /var/log/test/:/var/log/test/ a4c1bdadf04d [root@VM-0-15-centos data]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0bbd982ffe88 a4c1bdadf04d "/usr/local/bin/dock…" 3 seconds ago Restarting (127) Less than a second ago filebeat 9e4db19611eb 6de54f813b39 "/usr/local/bin/dumb…" 9 minutes ago Up 9 minutes 0.0.0.0:5601->5601/tcp kibana e75ea7daacc9 830a894845e3 "/tini -- /usr/local…" 11 minutes ago Up 11 minutes 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp es [root@VM-0-15-centos data]# docker logs 0bbd982ffe88 /usr/local/bin/docker-entrypoint: line 8: exec: filebeat: not found /usr/local/bin/docker-entrypoint: line 8: exec: filebeat: not found /usr/local/bin/docker-entrypoint: line 8: exec: filebeat: not found /usr/local/bin/docker-entrypoint: line 8: exec: filebeat: not found /usr/local/bin/docker-entrypoint: line 8: exec: filebeat: not found /usr/local/bin/docker-entrypoint: line 8: exec: filebeat: not found /usr/local/bin/docker-entrypoint: line 8: exec: filebeat: not found
没办法,我们只能参照容器内的文件权限进行修改了
[root@VM-0-15-centos data]# ls -ltr total 8 drwxr-x--- 7 root root 4096 May 28 2020 filebeat drwx------ 3 root root 4096 Feb 5 17:27 minikube
[root@VM-0-15-centos data]# chown -R filebeat.filebeat filebeat/ [root@VM-0-15-centos data]# ls -ltr total 8 drwxr-x--- 7 filebeat filebeat 4096 May 28 2020 filebeat drwx------ 3 root root 4096 Feb 5 17:27 minikube
再一次启动,这一次起来了
[root@VM-0-15-centos data]# docker restart filebeat filebeat [root@VM-0-15-centos data]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0bbd982ffe88 a4c1bdadf04d "/usr/local/bin/dock…" 5 minutes ago Up 1 second filebeat 9e4db19611eb 6de54f813b39 "/usr/local/bin/dumb…" 14 minutes ago Up 14 minutes 0.0.0.0:5601->5601/tcp kibana e75ea7daacc9 830a894845e3 "/tini -- /usr/local…" 17 minutes ago Up 17 minutes 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp es
还没完,我们的filebeat收集日志信息需要发送给es,所以,我们需要让filebeat找到es,这里我们可以--link去共享,但是,如果在别的物理机上--link就没办法了,因此,我们还是找物理网卡地址吧,我们需要配置宿主机下/data/filebeat/filebeat.yml文件,内容如下,至于什么意思,自己查一下吧,我累了
filebeat.inputs: - type: log enabled: true paths: - /var/log/test/*.log multiline.pattern: '^d{4}-d{2}-d{2}' multiline.negate: true multiline.match: after setup.kibana.host: "http://172.16.0.15:5601" setup.dashboards.enabled: true output.elasticsearch: hosts: ["http://172.16.0.15:9200"] index: "filebeat-%{+yyyy.MM.dd}" setup.template.name: "my-log" setup.template.pattern: "my-log-*" json.keys_under_root: false json.overwrite_keys: true processors: - decode_json_fields: fields: [""] target: json
然后再次重启filebeat容器
[root@VM-0-15-centos filebeat]# docker restart filebeat filebeat
然后打开kibana界面,你会发现filebeat索引
接下来我们就往/var/log/test/a.log去写入一些内容,看看能不能采集到
查看一下kibana界面
就这样吧,累了!!!