Docker系列ELK部署

　　1、前言
　　ELK由Elastaicsearch  、 Logstash  和 Kibana  组合，如下图所示，Logstash  从各种不同的数据源收集数据，通过内置的管道对输入的数据进行加工。最终，这些数据会被存储到 Elastaicsearch  中供 Kibana  完成数据可视化。
　　2、创建Docker自定义网络 docker network create esnet
　　3、Elasticsearch 安装 镜像拉取 docker pull elasticsearch:7.6.2Docker运行 docker run -d --name elasticsearch --net esnet -p 9200:9200 -p 9300:9300 -e ＂discovery.type=single-node＂ elasticsearch:7.6.2配置 elasticsearch.yml //添加 http.cors.enabled: true http.cors.allow-origin: ＂*＂ http.cors.allow-headers: Authorization xpack.security.enabled: true xpack.security.transport.ssl.enabled: true //配置完成后，重启elasticsearch容器 docker exec  -it elasticsearch bash 执行 bin/elasticsearch-setup-passwords interactive  [root@node01 elasticsearch-7.7.0]# bin/elasticsearch-setup-passwords interactive future versions of Elasticsearch will require Java 11; your Java version from [/opt/app/jdk1.8.0_181/jre] does not meet this requirement Initiating the setup of passwords for reserved users elastic,apm_system,kibana,logstash_system,beats_system,remote_monitoring_user. You will be prompted to enter passwords as the process progresses. Please confirm that you would like to continue [y/N]y Enter password for [elastic]:  Reenter password for [elastic]:  Enter password for [apm_system]:  Reenter password for [apm_system]:  Enter password for [kibana]:  Reenter password for [kibana]:  Enter password for [logstash_system]:  Reenter password for [logstash_system]:  Enter password for [beats_system]:  Reenter password for [beats_system]:  Enter password for [remote_monitoring_user]:  Reenter password for [remote_monitoring_user]:  Changed password for user [apm_system] Changed password for user [kibana] Changed password for user [logstash_system] Changed password for user [beats_system] Changed password for user [remote_monitoring_user] Changed password for user [elastic]
　　4、Kibana 安装 镜像拉取 docker pull kibana:7.6.2docker run -d --name kibana --net esnet -p 5601:5601 kibana：7.6.2配置修改kibana yml server.name: kibana server.host: ＂0＂ elasticsearch.hosts: [ ＂http://192.168.50.16:9200＂ ] xpack.monitoring.ui.container.elasticsearch.enabled: true i18n.locale: ＂zh-CN＂ elasticsearch.username: ＂elastic＂ elasticsearch.password: ＂123456＂
　　5、Logstash 安装 镜像拉取 docker pull logstash:7.6.2docker  run -it -d -p 5044:5044 --name logstash --net esnet logstash:7.6.2配置修改logstash yml //屏蔽掉 #http.host: ＂0.0.0.0＂ #xpack.monitoring.elasticsearch.hosts: [ ＂http://elasticsearch:9200＂ ]  //宿主拷贝到logstash容器 docker cp mysql-connector-java-8.0.23.jar logstash:/usr/share/logstash/config docker cp logstash-user.conf logstash:/usr/share/logstash/pipeline  logstash-user.conf修改配置 input {  stdin { }     jdbc { 	    type => ＂usertrack＂         #注意mysql连接地址一定要用ip，不能使用localhost等         jdbc_connection_string => ＂jdbc:mysql://192.168.19.113:3306/test_shop?useUnicode=true&characterEncoding=UTF-8&autoReconnect=true&useSSL=false＂         jdbc_user => ＂root＂         jdbc_password => ＂123456＂         #这个jar包的地址是容器内的地址         jdbc_driver_library => ＂/usr/share/logstash/config/mysql-connector-java-8.0.23.jar＂         jdbc_driver_class => ＂com.mysql.jdbc.Driver＂         jdbc_paging_enabled => ＂true＂         statement => ＂SELECT * FROM t_user_login＂         schedule => ＂* * * * *＂ 		jdbc_default_timezone => ＂Asia/Shanghai＂ 	    jdbc_page_size => ＂500＂ 	    record_last_run => true 		#use_column_value => true 		clean_run => false     }  }     output {      stdout {         codec => json_lines     }     elasticsearch {         #注意mysql连接地址一定要用ip，不能使用localhost等         hosts => ＂192.168.50.16:9200＂ 		index => ＂user-%{type}-%{+YYYY.MM.dd}＂ 		document_id => ＂%{id}＂ 		user => ＂elastic＂ 		password => ＂123456＂         #document_type => ＂_doc＂              } }  //重启logstash (docker restart logstash) 查看日志 docker logs –f logstash