2023-01-30
ELK


Deploying Logstash with Docker

Prerequisite: open a port, for example 25044

Create the folder

  • Create the Logstash folder, for example /data/logstash

    shell
    mkdir -p /data/logstash

Create the Docker container start script

  1. Create the logstash.sh file and make it executable

    shell
    touch /data/logstash/logstash.sh
    chmod 770 /data/logstash/logstash.sh
    vim /data/logstash/logstash.sh
  2. With logstash.sh open in the editor, add the following content

    shell
    #!/bin/bash
    # Stop the old container
    docker stop logstash
    # Remove the old container
    docker rm logstash
    docker run -itd \
      --privileged=true \
      -v /data/logstash/data:/usr/share/logstash/data \
      -p 25044:5044 \
      --name logstash \
      --restart=always \
      logstash:7.17.5
    # Copy the container's configuration files to the host
    docker cp logstash:/usr/share/logstash/config /data/logstash
    docker cp logstash:/usr/share/logstash/pipeline /data/logstash
    exit 0
  3. Run the script to start the container

    shell
    /data/logstash/logstash.sh
  4. Recursively set permissions on the folder

    shell
    chmod -R 770 /data/logstash
  5. Go to the /data/logstash/config folder and edit the configuration file logstash.yml so that it reads as follows

    yaml
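    http.host: "0.0.0.0"
    # Enable monitoring (authenticates to Elasticsearch with the account below)
    xpack.monitoring.enabled: true
    # Elasticsearch address (the IP and port used for Elasticsearch data access)
    xpack.monitoring.elasticsearch.hosts: [ "elasticsearch数据访问的ip+port" ]
    # Elasticsearch account
    xpack.monitoring.elasticsearch.username: "elastic"
    # Elasticsearch password (the password of the elastic account)
    xpack.monitoring.elasticsearch.password: "elastic对应的密码"
  6. Go to the /data/logstash/pipeline folder and edit the logstash.conf file so that it reads as follows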

    shell
    input {
      tcp {
        mode => "server"
        host => "0.0.0.0"
        port => 5044
        codec => json_lines
      }
    }
    output {
      elasticsearch {
        # hosts: the Elasticsearch IP and port; password: the elastic account's password
        hosts => ["elasticsearch数据访问的ip+port"]
        index => "connector"
        user => "elastic"
        password => "elastic对应的密码"
      }
      stdout {
        codec => rubydebug
      }
    }
  7. Edit the logstash.sh file again so that it reads as follows, then run the script again

    shell
    #!/bin/bash
    # Stop the old container
    docker stop logstash
    # Remove the old container
    docker rm logstash
    docker run -itd \
      --privileged=true \
      -v /data/logstash/data:/usr/share/logstash/data \
      -v /data/logstash/config:/usr/share/logstash/config \
      -v /data/logstash/pipeline:/usr/share/logstash/pipeline \
      -p 25044:5044 \
      --name logstash \
      --restart=always \
      logstash:7.17.5
    exit 0

Note: the container's default JVM heap is 1 GB. To change it, edit the jvm.options file in the /data/logstash/config folder

shell
-Xms256m
-Xmx256m
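
The files produced by the steps above run the container with --privileged, keep the elastic password as a literal in two config files, and expose a tcp input without TLS. The following lint for that layout is an added example, not part of the original post; it relies on Logstash resolving `${VAR}` references from its keystore or environment. The names logstash_writer and ES_PWD and the sample files are constructed assumptions.

```shell
#!/bin/sh
# Added example: lint a deployment directory laid out as in this guide.
# Prints one "FINDING:" line per weak setting it detects.
audit_logstash() {
    dir=$1; conf="$dir/pipeline/logstash.conf"
    # --privileged gives the container nearly all host capabilities.
    if grep -qs -e '--privileged' "$dir/logstash.sh"; then
        echo "FINDING: logstash.sh runs the container with --privileged"
    fi
    # A password line that is neither a comment nor a ${VAR} reference is a literal secret.
    for f in "$dir/config/logstash.yml" "$conf"; do
        if grep -s 'password' "$f" | grep -v '^[[:space:]]*#' | grep -Fqv '${'; then
            echo "FINDING: $f stores a literal password"
        fi
    done
    # The built-in elastic superuser is far broader than an index writer needs.
    if grep -Eqs 'user[[:space:]]*=>[[:space:]]*"elastic"' "$conf"; then
        echo "FINDING: $conf authenticates as the elastic superuser"
    fi
    # A tcp input without ssl_enable => true accepts plaintext events.
    if grep -qs 'tcp[[:space:]]*{' "$conf" &&
       ! grep -Eqs 'ssl_enable[[:space:]]*=>[[:space:]]*true' "$conf"; then
        echo "FINDING: $conf tcp input has no TLS"
    fi
}

# Constructed fixtures: "weak" mirrors this guide's files, anything else a tightened variant.
make_sample() {
    mkdir -p "$1/config" "$1/pipeline"
    if [ "$2" = weak ]; then
        priv='--privileged=true'; user=elastic; pw='changeme-constructed'; tls=''
    else
        # Assumed names: logstash_writer (restricted user), ES_PWD (keystore/env key).
        priv=''; user=logstash_writer; pw='${ES_PWD}'; tls='ssl_enable => true'
    fi
    echo "docker run -itd $priv -p 25044:5044 --name logstash logstash:7.17.5" > "$1/logstash.sh"
    echo "xpack.monitoring.elasticsearch.password: \"$pw\"" > "$1/config/logstash.yml"
    printf 'input { tcp { port => 5044 %s } }\noutput { elasticsearch { user => "%s" password => "%s" } }\n' \
        "$tls" "$user" "$pw" > "$1/pipeline/logstash.conf"
}

# Demo: audit a constructed copy of the guide's configuration.
demo=$(mktemp -d) && make_sample "$demo" weak && audit_logstash "$demo"
rm -rf "$demo"
```

Run `audit_logstash /data/logstash` against the real directory. The tightened fixture leaves out the ssl_cert and ssl_key settings that a TLS-enabled tcp input also needs.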