第一步,拉去鏡像
kibana 7.7.1 6de54f813b39 8 months ago 1.2GB elasticsearch 7.7.1 830a894845e3 8 months ago 804MB docker.elastic.co/beats/filebeat 7.7.1 a4c1bdadf04d 8 months ago 456MB
第二步,啟動es
[root@VM-0-15-centos ~]# docker run -d -e ES_JAVA_POTS="-Xms512m -Xmx512m" -e "discovery.type=single-node" -p 9200:9200 -p 9300:9300 --name es 830a894845e3 e75ea7daacc912b43b07f85f0ebf3719ae581cb9463595649b9d576e3255c5db [root@VM-0-15-centos ~]# [root@VM-0-15-centos ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e75ea7daacc9 830a894845e3 "/tini -- /usr/local…" 3 seconds ago Up 1 second 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp es
驗證es,出現如下顯示,代表ok
[root@VM-0-15-centos ~]# curl 127.0.0.1:9200 { "name" : "e75ea7daacc9", "cluster_name" : "docker-cluster", "cluster_uuid" : "fRca9tI6R5ucaPXaUqbw7w", "version" : { "number" : "7.7.1", "build_flavor" : "default", "build_type" : "docker", "build_hash" : "ad56dce891c901a492bb1ee393f12dfff473a423", "build_date" : "2020-05-28T16:30:01.040088Z", "build_snapshot" : false, "lucene_version" : "8.5.1", "minimum_wire_compatibility_version" : "6.8.0", "minimum_index_compatibility_version" : "6.0.0-beta1" }, "tagline" : "You Know, for Search" }
第三步,啟動kibana,--link es容器id:別名,這樣目的是讓kibana和es共享一個網絡,並且可以通過別名解析
[root@VM-0-15-centos ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES e75ea7daacc9 830a894845e3 "/tini -- /usr/local…" 2 minutes ago Up 2 minutes 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp es
[root@VM-0-15-centos ~]# docker run --link e75ea7daacc9:elasticsearch -p 5601:5601 -d --name kibana 6de54f813b39 9e4db19611eb509e0c3e698f9cf8363f256135a01c74555a8c5c341ce62f561e
打開瀏覽器,驗證一下,能出現這個界面代表沒問題
第四步,啟動filebeat,注意,這里有坑,往下看
我們在啟動filebeat的時候需要用到容器下面的/usr/share/filebeat目錄下的所有文件,但是我們-v去映射的時候是宿主機的目錄跟容器目錄去映射,本來容器內有很多文件的,但是我們-v映射后變成空目錄,導致起不來,所以我們需要先啟動filebeat然后再把容器內部的文件復制到宿主機
[root@VM-0-15-centos ~]# docker run -d --name filebeat a4c1bdadf04d 84e57c04bd13007c1524923f60790a971943cef6200dbe21bc636642e10a21b6 [root@VM-0-15-centos ~]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 84e57c04bd13 a4c1bdadf04d "/usr/local/bin/dock…" 10 seconds ago Up 9 seconds filebeat 9e4db19611eb 6de54f813b39 "/usr/local/bin/dumb…" 6 minutes ago Up 6 minutes 0.0.0.0:5601->5601/tcp kibana e75ea7daacc9 830a894845e3 "/tini -- /usr/local…" 8 minutes ago Up 8 minutes 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp es
[root@VM-0-15-centos ~]# docker cp filebeat:/usr/share/filebeat /data/ [root@VM-0-15-centos ~]# cd /data/ [root@VM-0-15-centos data]# ls filebeat minikube
這時候我們可以-v去映射目錄了,但是........還有坑,我們用docker cp命令復制完之后權限發生了改變,你會發現還是起不來,給特權也不行,如下:
[root@VM-0-15-centos data]# docker run -d --restart=always --name=filebeat --privileged=true -v /data/filebeat/:/usr/share/filebeat/ -v /var/log/test/:/var/log/test/ a4c1bdadf04d [root@VM-0-15-centos data]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0bbd982ffe88 a4c1bdadf04d "/usr/local/bin/dock…" 3 seconds ago Restarting (127) Less than a second ago filebeat 9e4db19611eb 6de54f813b39 "/usr/local/bin/dumb…" 9 minutes ago Up 9 minutes 0.0.0.0:5601->5601/tcp kibana e75ea7daacc9 830a894845e3 "/tini -- /usr/local…" 11 minutes ago Up 11 minutes 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp es [root@VM-0-15-centos data]# docker logs 0bbd982ffe88 /usr/local/bin/docker-entrypoint: line 8: exec: filebeat: not found /usr/local/bin/docker-entrypoint: line 8: exec: filebeat: not found /usr/local/bin/docker-entrypoint: line 8: exec: filebeat: not found /usr/local/bin/docker-entrypoint: line 8: exec: filebeat: not found /usr/local/bin/docker-entrypoint: line 8: exec: filebeat: not found /usr/local/bin/docker-entrypoint: line 8: exec: filebeat: not found /usr/local/bin/docker-entrypoint: line 8: exec: filebeat: not found
沒辦法,我們只能參照容器內的文件權限進行修改了
[root@VM-0-15-centos data]# ls -ltr total 8 drwxr-x--- 7 root root 4096 May 28 2020 filebeat drwx------ 3 root root 4096 Feb 5 17:27 minikube
[root@VM-0-15-centos data]# chown -R filebeat.filebeat filebeat/ [root@VM-0-15-centos data]# ls -ltr total 8 drwxr-x--- 7 filebeat filebeat 4096 May 28 2020 filebeat drwx------ 3 root root 4096 Feb 5 17:27 minikube
再一次啟動,這一次起來了
[root@VM-0-15-centos data]# docker restart filebeat filebeat [root@VM-0-15-centos data]# docker ps CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES 0bbd982ffe88 a4c1bdadf04d "/usr/local/bin/dock…" 5 minutes ago Up 1 second filebeat 9e4db19611eb 6de54f813b39 "/usr/local/bin/dumb…" 14 minutes ago Up 14 minutes 0.0.0.0:5601->5601/tcp kibana e75ea7daacc9 830a894845e3 "/tini -- /usr/local…" 17 minutes ago Up 17 minutes 0.0.0.0:9200->9200/tcp, 0.0.0.0:9300->9300/tcp es
還沒完,我們的filebeat收集日志信息需要發送給es,所以,我們需要讓filebeat找到es,這里我們可以--link去共享,但是,如果在別的物理機上--link就沒辦法了,因此,我們還是找物理網卡地址吧,我們需要配置宿主機下/data/filebeat/filebeat.yml文件,內容如下,至於什么意思,自己查一下吧,我累了
filebeat.inputs: - type: log enabled: true paths: - /var/log/test/*.log multiline.pattern: '^\d{4}-\d{2}-\d{2}' multiline.negate: true multiline.match: after setup.kibana.host: "http://172.16.0.15:5601" setup.dashboards.enabled: true output.elasticsearch: hosts: ["http://172.16.0.15:9200"] index: "filebeat-%{+yyyy.MM.dd}" setup.template.name: "my-log" setup.template.pattern: "my-log-*" json.keys_under_root: false json.overwrite_keys: true processors: - decode_json_fields: fields: [""] target: json
然后再次重啟filebeat容器
[root@VM-0-15-centos filebeat]# docker restart filebeat filebeat
然后打開kibana界面,你會發現filebeat索引
接下來我們就往/var/log/test/a.log去寫入一些內容,看看能不能采集到
查看一下kibana界面
就這樣吧,累了!!!