docker部署elk(两台主机)

docker部署elk(两台主机) #安装dockermkdir -p /etc/yum.repos.d/bakmv /etc/yum.repos.d/*.repo /etc/yum.repos.d/bak/curl -o /etc/yum.repos.d/CentOS-Base.repo https://mirrors.aliyun.com/repo/Centos-7.repoyum clean allyum makecacheyum install -y yum-utilscd /etc/yum.repos.d/rm -f mirrors.aliyun.com_docker-ce_linux_centos_docker-ce.repocurl -o /etc/yum.repos.d/docker-ce.repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.reposed -i sdownload.docker.commirrors.aliyun.com/docker-ce /etc/yum.repos.d/docker-ce.reposed -i s/$releasever/7/g /etc/yum.repos.d/docker-ce.repoyum clean allyum makecache fastyum install -y docker-ce docker-ce-cli containerd.io docker-buildx-plugin docker-compose-pluginsystemctl start dockersystemctl enable docker#创捷一个网络docker network create elk#安装elkdocker run -d \--nameelasticsearch \-v es-data:/usr/share/elasticsearch/data \-e ES_JAVA_OPTS-Xms256m -Xmx512m \-e discovery.typesingle-node \-e xpack.security.enabledfalse \--net elk \-p 9200:9200 -p 9300:9300 \docker.elastic.co/elasticsearch/elasticsearch:8.6.2#安装kibanadocker run -d \--namekibana \-e ELASTICSEARCH_HOSTShttp://elasticsearch:9200 \-e I18N_LOCALEzh-CN \--net elk \-p 5601:5601 \docker.elastic.co/kibana/kibana:8.6.2#收集日志端下载filebeatrpm -ivh filebeat-8.6.2-x86_64.rpm#修改配置文件vi /etc/filebeat/filebeat.ymlfilebeat.inputs:- type: logenabled: truepaths:- /var/log/*.log- /var/log/massagesetup.ilm.enabled: falsesetup.template.name: testsetup.template.pattern: test-*output.elasticsearch:hosts: [http://192.168.255.93:9200]index: test-%{yyyy.MM.dd}#启动filebeatsystemctl start filebeatsystemctl status filebeat#索引管理查看索引#数据视图#搜集不同日志文件通过索引分类filebeat.inputs:- type: logenabled: truepaths:- /var/log/messagesfields_under_root: truefields:type: systemproject: msapp: system- type: logenabled: truepaths:- /mysql40/log/mysql.logfields_under_root: truefields:type: mysqlproject: msapp: mysqlsetup.ilm.enabled: falsesetup.template.name: mssetup.template.pattern: ms-*output.elasticsearch:hosts: [http://192.168.255.93:9200]indices:- index: ms-system-%{yyyy.MM.dd}when.contains:type: system- index: ms-mysql-%{yyyy.MM.dd}when.contains:type: mysql~