EFK 日志平台（Elasticsearch + Filebeat + Kibana），用于收集 Docker 容器日志。注意：下面的示例配置没有开启任何认证和 TLS，只适合在受信任的内网或测试环境中使用。

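# Elasticsearch's bootstrap check refuses to start unless vm.max_map_count is at least 262144.
# `sysctl -w` only changes the running kernel, so the original one-liner was lost on reboot and
# the container failed to come back up after a host restart. Persist it in a drop-in file as well.
# Run as root (the redirection below needs root, `sudo echo` is not enough).
echo 'vm.max_map_count=262144' > /etc/sysctl.d/99-elasticsearch.conf
sysctl -w vm.max_map_count=262144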

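# Single-node Elasticsearch 7.17. Only the HTTP API (9200) is published: nothing on this page
# talks to the transport port (9300), and publishing it exposed the node-to-node protocol --
# unauthenticated, since elasticsearch.yml does not enable xpack.security -- on every host
# interface. Re-add `-p 9300:9300` only when a second node actually has to join.
# NOTE(review): `-p 9200:9200` binds on all host interfaces and bypasses host-level firewall
# rules such as ufw. Kibana and Filebeat on this page reach the node via 10.46.143.50, so
# `-p 10.46.143.50:9200:9200` is the narrower binding; and enable xpack.security (with users
# or API keys) before this node is reachable from anything but a trusted network.
docker run -dit \
  -p 9200:9200 \
  -e TZ=Asia/Shanghai \
  -e ES_JAVA_OPTS="-Xms512m -Xmx512m" \
  --name=elasticsearch \
  -v /opt/efk/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml \
  -v /opt/efk/elasticsearch/plugins:/usr/share/elasticsearch/plugins \
  elasticsearch:7.17.17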

elasticsearch.yml（挂载到容器内的 /usr/share/elasticsearch/config/elasticsearch.yml）:

cluster.name: "docker-cluster"
# Bind address for the HTTP API. 0.0.0.0 listens on every interface inside the container; the
# host port mapping in `docker run` decides what is reachable from outside. No xpack.security
# settings are present, and Elasticsearch 7.x leaves security off by default, so anything that
# can reach port 9200 has full read/write access to the data. In production bind to a fixed
# internal IP and enable xpack.security.
network.host: 0.0.0.0
# Bind address for node-to-node transport (9300). For this single-node cluster it does not need
# to be reachable from other hosts; in production restrict it to a fixed internal IP.
transport.host: 0.0.0.0
# Name of this Elasticsearch node.
node.name: node-1
# Nodes eligible for the first master election (single node, so only this one).
cluster.initial_master_nodes: ["node-1"]
# Disables the same-origin check on the HTTP API: any website can send requests to this node
# from a user's browser. Nothing on this page (Kibana, Filebeat) needs CORS -- only browser-based
# tools do. Replace "*" with that tool's exact origin, or remove both lines.
http.cors.enabled: true
http.cors.allow-origin: "*"
# Kibana 7.17 (same version as Elasticsearch). The container only needs the mounted kibana.yml;
# it reaches Elasticsearch over the host address configured in that file.
# NOTE(review): port 5601 is published on every host interface and kibana.yml configures no
# authentication, so the UI is open to whatever network can reach the host.
docker run --detach --interactive --tty \
  --name kibana \
  --publish 5601:5601 \
  --volume /opt/efk/kibana.yml:/usr/share/kibana/config/kibana.yml \
  kibana:7.17.17

kibana.yml（挂载到容器内的 /usr/share/kibana/config/kibana.yml）:

# Port and bind address of the Kibana web UI. "0.0.0.0" listens on every interface inside the
# container; the port mapping in `docker run` exposes it on the host. No authentication is
# configured here (and Elasticsearch is not enforcing any), so the UI is open to the network.
server.port: 5601
server.host: "0.0.0.0"
# Elasticsearch reached over plain HTTP on the host's internal address. There are no
# elasticsearch.username / elasticsearch.password entries because security is off on the ES
# side; once xpack.security is enabled add them (or use the Kibana keystore) and switch to https.
elasticsearch.hosts: ["http://10.46.143.50:9200"]
# UI language.
i18n.locale: "zh-CN"

将 Filebeat 注册为 systemd 服务:

/lib/systemd/system/filebeat.service:

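[Unit]
Description=filebeat
# Filebeat tails Docker container log files, so order it after Docker as well as the network.
After=network.target docker.service
[Service]
WorkingDirectory=/opt/efk/filebeat
# -e logs to stderr (captured by journald); -c selects the config file below.
ExecStart=/opt/efk/filebeat/filebeat -e -c /opt/efk/filebeat/filebeat.yml
# The original unit never restarted Filebeat after a crash, so log shipping silently stopped.
Restart=on-failure
RestartSec=10
# No User= is set, so Filebeat runs as root -- presumably needed to read the container log
# files under Docker's data root (they are root-owned). At least stop the process tree from
# gaining further privileges.
NoNewPrivileges=true
[Install]
WantedBy=multi-user.target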

filebeat.yml（下面实际给出了两份配置：第一份采集 Docker 容器的 json 日志，第二份采集应用日志文件 social-admin.log。请只保留其中一份，不要把两份拼在同一个文件里——重复的顶层键 filebeat.inputs / output.elasticsearch 会互相覆盖，只有最后一份生效）:

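# Filebeat configuration 1: ship Docker container JSON logs to Elasticsearch.
# Layout fix: in the original, `setup.ilm.enabled` sat between the input's `paths` and
# `parsers`, leaving `parsers` indented under a top-level scalar -- invalid YAML, Filebeat
# would not start. `setup.ilm.enabled` now follows the inputs section.
filebeat.inputs:
- type: filestream
  id: e61a8244-705a-46d9-99b6-45ea8bdbe90e
  enabled: true
  # Docker's data root is /data here; every container writes <id>/<id>-json.log.
  paths:
    - /data/var/lib/docker/containers/*/*-json.log
  parsers:
  # Unwrap the Docker JSON envelope first so `message` is the log text; without this the
  # multiline pattern below only ever saw lines starting with `{` and never matched.
  - container:
      stream: all
      format: docker
  # Glue Java stack-trace continuation lines ("    at ...", "    ...", "Caused by:")
  # onto the preceding event instead of emitting each line as its own document.
  - multiline:
      type: pattern
      pattern: '^[[:space:]]+(at|\.{3})[[:space:]]+\b|^Caused by:'
      negate: false
      match: after

# ILM must be off for the custom `index` and template names below to take effect in Filebeat 7.x.
setup.ilm.enabled: false

# ======================= Elasticsearch template setting =======================
setup.template.settings:
  index.number_of_shards: 1
  #index.codec: best_compression
  #_source.enabled: false
setup.template.name: "docker165"
setup.template.pattern: "docker165-*"
setup.template.enabled: true

# ---------------------------- Elasticsearch Output ----------------------------
output.elasticsearch:
  # Array of hosts to connect to. Plain HTTP with no credentials: this matches the
  # unauthenticated Elasticsearch on this page, but the log stream -- and the cluster --
  # is open to anyone on that network. Once xpack.security is enabled on the cluster, set
  # `protocol: "https"` plus `ssl.certificate_authorities`, and authenticate with an
  # `api_key` or username/password.
  hosts: ["10.46.143.50:9200"]

  # Protocol - either `http` (default) or `https`.
  #protocol: "https"

  # Authentication credentials - either API key or username/password.
  # Keep real values out of this file: store them in the Filebeat keystore
  # (`filebeat keystore add ES_API_KEY`) and reference them as ${ES_API_KEY}.
  #api_key: "id:api_key"
  #username: "elastic"
  #password: "changeme"

  # Daily index; must match setup.template.pattern above.
  index: docker165-%{+yyyy.MM.dd}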
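# Filebeat configuration 2: ship an application log file (social-admin) to a remote Elasticsearch.
filebeat.inputs:
- type: filestream
  id: 2892fa6f-08bb-4e1f-ae2f-eca8d6fae09d
  enabled: true
  paths:
    - /opt/efk/data/logs/social-admin.log
  # Skip rotated, compressed copies of the log.
  prospector.scanner.exclude_files: ['.gz$']
  parsers:
  # Glue Java stack-trace continuation lines ("    at ...", "    ...", "Caused by:")
  # onto the preceding event instead of emitting each line as its own document.
  - multiline:
      type: pattern
      pattern: '^[[:space:]]+(at|\.{3})[[:space:]]+\b|^Caused by:'
      negate: false
      match: after
filebeat.config.modules:
  path: ${path.config}/modules.d/*.yml
  reload.enabled: false
# Added: with ILM left at its default (`auto`) Filebeat 7.x ignores the custom
# setup.template.* names and the output `index` below and writes to its own
# filebeat-* index instead. (Harmless if the same key already appears earlier in your file.)
setup.ilm.enabled: false
setup.template.settings:
  index.number_of_shards: 1
setup.template.name: "social-admin.log-dev"
setup.template.pattern: "social-admin.log-dev-*"
setup.template.enabled: true
# Left empty: no Kibana endpoint is configured for dashboard setup.
setup.kibana:
output.elasticsearch:
  # NOTE(review): this is a public IP reached over plain HTTP with no credentials, so the
  # application logs cross the internet unencrypted and the cluster accepts writes from
  # anyone who finds it. Use `protocol: "https"` with `ssl.certificate_authorities`,
  # authenticate with an `api_key` kept in the Filebeat keystore, and prefer a private
  # address or VPN over a public endpoint.
  hosts: ["210.14.75.1:9200"]
  #protocol: "https"
  #ssl.certificate_authorities: ["/opt/efk/filebeat/ca.crt"]
  #api_key: "${ES_API_KEY}"
  # NOTE(review): `preset` was added to the Elasticsearch output in Filebeat 8.12; older
  # Filebeat releases (the cluster on this page is 7.17) do not know it -- confirm the
  # Filebeat version honours it, otherwise it is silently ignored.
  preset: balanced
  # Daily index; must match setup.template.pattern above.
  index: social-admin.log-dev-%{+yyyy.MM.dd}
# Enrichment processors. add_cloud_metadata probes cloud metadata endpoints at startup and
# add_kubernetes_metadata needs API-server access; on a plain Docker host neither adds anything.
processors:
  - add_host_metadata:
      when.not.contains.tags: forwarded
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~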