Elasticsearch默認使用mmapfs目錄來存儲索引。操作系統默認的mmap計數太低可能導致內存不足,我們可以使用下面這條命令來增加內存:
sysctl -w vm.max_map_count=262144
創建Elasticsearch數據掛載路徑:
mkdir -p /sunsas/elasticsearch/data
對該路徑授予777權限:
chmod 777 /sunsas/elasticsearch/data
創建Elasticsearch插件掛載路徑:
mkdir -p /sunsas/elasticsearch/plugins
創建Logstash配置文件存儲路徑:
mkdir -p /sunsas/logstash
在該路徑下創建logstash-febs.conf配置文件(沒有安裝vim的話可以使用yum install vim命令安裝):
vim /sunsas/logstash/logstash-sunsas.conf
內容如下(注意先進入INSERT模式,不要輸錯):
input { tcp { mode => "server" host => "0.0.0.0" port => 4560 codec => json_lines } } output { elasticsearch { hosts => "es:9200" index => "febs-logstash-%{+YYYY.MM.dd}" } }
創建ELK Docker Compose文件存儲路徑:
mkdir -p /sunsas/elk
在該目錄下創建docker-compose.yml文件:
vim /sunsas/elk/docker-compose.yml
內容如下:
version: '3' services: elasticsearch: image: elasticsearch:6.4.1 container_name: elasticsearch environment: - "cluster.name=elasticsearch" #集群名稱為elasticsearch - "discovery.type=single-node" #單節點啟動 - "ES_JAVA_OPTS=-Xms512m -Xmx512m" #jvm內存分配為512MB volumes: - /febs/elasticsearch/plugins:/usr/share/elasticsearch/plugins #插件文件掛載 - /febs/elasticsearch/data:/usr/share/elasticsearch/data #數據文件掛載 ports: - 9200:9200 kibana: image: kibana:6.4.1 container_name: kibana links: - elasticsearch:es #配置elasticsearch域名為es depends_on: - elasticsearch #kibana在elasticsearch啟動之后再啟動 environment: - "elasticsearch.hosts=http://es:9200" #因為上面配置了域名,所以這里可以簡寫為http://es:9200 ports: - 5601:5601 logstash: image: logstash:6.4.1 container_name: logstash volumes: - /febs/logstash/logstash-febs.conf:/usr/share/logstash/pipeline/logstash.conf #掛載logstash的配置文件 depends_on: - elasticsearch links: - elasticsearch:es ports: - 4560:4560
切換到/sunsas/elk目錄下,使用如下命令啟動:
docker-compose up -d
第一次啟動需要下載,啟動完成后,查看docker容器:
docker ps -a
