學習資料
https://www.bilibili.com/video/BV1eY411w7Lx/
https://www.bilibili.com/video/BV1SQ4y1m7Ds?p=13
倉庫地址:
https://gitee.com/haima1004/elasticsearch7.14.1_kabana.git
環境:
linux
Docker version 19.03.15, build 99e3ed8919
docker-compose version 1.25.5, build 8a1c60f6
創建項目文件夾
mkdir ./es-kabana
當前目錄下所有文件賦予權限(讀、寫、執行)
chmod -R 777 ./es-kabana
cd es-kabana
docker-compose.yml
vim docker-compose.yml
version: '3'
# 網橋es -> 方便相互通訊
networks:
es:
services:
elasticsearch:
image: registry.cn-hangzhou.aliyuncs.com/zhengqing/elasticsearch:7.14.1 # 原鏡像`elasticsearch:7.14.1`
container_name: elasticsearch # 容器名為'elasticsearch'
restart: unless-stopped # 指定容器退出后的重啟策略為始終重啟,但是不考慮在Docker守護進程啟動時就已經停止了的容器
volumes: # 數據卷掛載路徑設置,將本機目錄映射到容器目錄
- "./es/data:/usr/share/elasticsearch/data"
- "./es/logs:/usr/share/elasticsearch/logs"
- "./es/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml"
- "./es/plugins/:/usr/share/elasticsearch/plugins"
#- "./es/config/jvm.options:/usr/share/elasticsearch/config/jvm.options"
environment: # 設置環境變量,相當於docker run命令中的-e
TZ: Asia/Shanghai
LANG: en_US.UTF-8
discovery.type: single-node
ES_JAVA_OPTS: "-Xmx512m -Xms512m"
#ELASTIC_PASSWORD: "123456" # elastic賬號密碼
ports:
- "9200:9200"
- "9300:9300"
networks:
- es
kibana:
image: registry.cn-hangzhou.aliyuncs.com/zhengqing/kibana:7.14.1 # 原鏡像`kibana:7.14.1`
container_name: kibana
restart: unless-stopped
volumes:
- ./kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml
- ./kibana/logs:/usr/share/kibana/logs
environment:
TZ: Asia/Shanghai # 更改容器時區為 CST(默認為UTC)
LANG: en_US.UTF-8
ports:
- "5601:5601"
depends_on:
- elasticsearch
links:
- elasticsearch
networks:
- es
elasticsearch-head:
image: wallbase/elasticsearch-head:6-alpine
container_name: elasticsearch-head
restart: unless-stopped
environment:
TZ: 'Asia/Shanghai'
ports:
- '9100:9100'
networks:
- es
kibana.yml
vim kibana/config/kibana.yml
#
# ** THIS IS AN AUTO-GENERATED FILE **
#
# Default Kibana configuration for docker target
server.name: kibana
server.host: "0.0.0.0"
elasticsearch.hosts: [ "http://elasticsearch:9200" ] # http://www.zhengqingya.com:9200 TODO 修改為自己的ip
xpack.monitoring.ui.container.elasticsearch.enabled: true
#elasticsearch.username: "elastic" # es賬號
#elasticsearch.password: "123456" # es密碼
i18n.locale: zh-CN # 中文
elasticsearch.yml
vim /es/config/elasticsearch.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0
http.port: 9200
# 開啟es跨域
http.cors.enabled: true
http.cors.allow-origin: "*"
http.cors.allow-headers: Authorization,Content-Type
# 開啟安全控制
#xpack.security.enabled: true
#xpack.security.transport.ssl.enabled: true
分詞器下載地址:
https://github.com/medcl/elasticsearch-analysis-ik/releases/tag/v7.14.1
目標結構
[root@HmEduCentos01 elasticsearch]# tree
.
├── docker-compose.yml
├── es
│ ├── config
│ │ └── elasticsearch.yml
│ ├── data
│ ├── plugins
│ │ └── analysis-ik-7.14.1
│ └── logs
├── kibana
│ ├── config
│ │ └── kibana.yml
└──└── logs
注意:
第一次運行報錯,是因為創建出來的文件夾權限不夠
創建出來的es data logs等文件夾,再賦予一下777權限
chmod -R 777 ./es-kabana
然后再刪除容器,重新運行
[root@HmEduCentos01 elasticsearch]# ll
總用量 12
-rwxrwxrwx. 1 root root 1567 4月 23 01:57 docker-compose.yml
drwxrwxrwx. 5 root root 4096 4月 23 01:55 es
-rwxrwxrwx. 1 root root 430 4月 23 01:46 kibana.yml
常用命令:
docker-compose up -d #后台啟動
docker-compose down #停止
[root@HmEduCentos01 docker]# docker ps -a
CONTAINER ID IMAGE COMMAND CREATED STATUS PORTS NAMES
1c5b971d99c3 registry.cn-hangzhou.aliyuncs.com/zhengqing/kibana:7.14.1 "/bin/tini -- /usr/l…" 41 minutes ago Up 41 minutes 0.0.0.0:5601->5601/tcp, :::5601->5601/tcp kibana
3ca20dcf4bd4 registry.cn-hangzhou.aliyuncs.com/zhengqing/elasticsearch:7.14.1 "/bin/tini -- /usr/l…" 41 minutes ago Up 41 minutes 0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 0.0.0.0:9300->9300/tcp, :::9300->9300/tcp elasticsearch
1af7cf5fd1ad wallbase/elasticsearch-head:6-alpine "/bin/sh -c 'node_mo…" 41 minutes ago Up 41 minutes 0.0.0.0:9100->9100/tcp, :::9100->9100/tcp elasticsearch-head
訪問
ES訪問地址:ip地址:9200
默認賬號密碼:elastic/123456 #未設置即為空
kibana訪問地址:ip地址:5601/app/dev_tools#/console
默認賬號密碼:elastic/123456 #未設置即為空
elasticsearch-head地址:ip地址:9100
GET _search
{
"query":{
"match_all":{}
}
}
參考文檔:
https://blog.csdn.net/qq_38225558/article/details/120580394?utm_medium=distribute.pc_aggpage_search_result.none-task-blog-2~aggregatepage~first_rank_ecpm_v1~rank_v31_ecpm-3-120580394.pc_agg_new_rank&utm_term=ES%E8%AE%BE%E7%BD%AE%E5%AF%86%E7%A0%81&spm=1000.2123.3001.4430
logstash軟件下載
華為源
這里我下載:logstash-7.14.1-linux-x86_64.tar.gz 大家根據自己的系統下載對應的版本
https://mirrors.huaweicloud.com/logstash/7.14.1/
官網地址:
https://www.elastic.co/cn/downloads/past-releases/logstash-7-14-1
這里我下載Linux x86_64的,大家根據自己的系統下載對應的版本
logstash導入movies.csv數據
- 進入
/elasticsearch7.14.1_kabana/logstash-7.14.1目錄 - 新建名為 logstash.conf 的文件.
input {
file {
# 引號的的內容為 movies.csv 的實際路徑,根據實際情況
path => "/home/haima/local/docker/es-kabana/logstash-7.14.1/movies.csv"
start_position => "beginning"
# 日志目錄
sincedb_path => "/home/haima/local/docker/es-kabana/logstash-7.14.1/db_path.log"
}
}
filter {
csv {
separator => ","
columns => ["id","content","genre"]
}
mutate {
split => { "genre" => "|" }
remove_field => ["path", "host","@timestamp","message"]
}
mutate {
split => ["content", "("]
add_field => { "title" => "%{[content][0]}"}
add_field => { "year" => "%{[content][1]}"}
}
mutate {
convert => {
"year" => "integer"
}
strip => ["title"]
remove_field => ["path", "host","@timestamp","message","content"]
}
}
output {
elasticsearch {
# 雙引號中的內容為ES的地址,視實際情況而定
hosts => "http://localhost:9200"
index => "movies"
document_id => "%{id}"
}
stdout {}
}
- 執行導入命令:
打開dos命令行,進入到 logstash 的 bin 目錄下,執行如下命令導入 movies 的數據
linux命令
logstash -f ../config/logstash.conf
windos命令
logstash.bat -f D:\logstash-datas\config\logstash.co
2.4.3 驗證進入到 kibana 的命令行頁面,執行 GET _cat/indices 驗證數據是否成功