Docker 搭建 ELK 日志记录
-
docker create network elknet
-
docker run -d --name elasticsearch --network elknet --network-alias elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:7.9.1
-
docker run -d --name kibana --network elknet --network-alias kibana -p 5601:5601 kibana:7.9.1
-
docker run -d --name logstash --network elknet --network-alias logstash -p 5044:5044 logstash:7.9.1
-
配置的log4j2发送tcp到logstash
-
vi /usr/share/logstash/pipeline/logstash.conf
-
input { tcp { port => 5044 mode => "server" } } output { elasticsearch { hosts => ["elasticsearch:9200"] index => "apidemo" } stdout{ codec => rubydebug } }
-
vim log4j2.xml
-
<appenders> + <Socket name="LogstashTcp" host="你的localhost" port="5044" protocol="TCP"> <PatternLayout> <Pattern>%d{HH:mm:ss.SSS} %-5level method:%l%n%m%n</Pattern> </PatternLayout> </Socket> </appenders> <loggers> <root level="trace"> + <appender-ref ref="LogstashTcp"/> </root> </loggers>
-
Kibana上添加apidemo index, 然后查询refash就显示数据了
参考资料:
https://www.kancloud.cn/hanxt/elk/158871
https://blog.csdn.net/youzi1394046585/article/details/105599525?utm_medium=distribute.pc_relevant.none-task-blog-baidujs_baidulandingword-0&spm=1001.2101.3001.4242
https://blog.csdn.net/weixin_41387105/article/details/114385531