{"id":276,"date":"2026-01-26T02:05:09","date_gmt":"2026-01-26T02:05:09","guid":{"rendered":"https:\/\/blog.gpst.net.cn:4008\/?p=276"},"modified":"2026-01-28T06:24:14","modified_gmt":"2026-01-28T06:24:14","slug":"efk%e6%97%a5%e5%bf%97%e5%b9%b3%e5%8f%b0%ef%bc%8c%e6%94%b6%e9%9b%86docker%e6%97%a5%e5%bf%97","status":"publish","type":"post","link":"https:\/\/opshub.com.cn\/?p=276","title":{"rendered":"EFK\u65e5\u5fd7\u5e73\u53f0\uff0c\u6536\u96c6docker\u65e5\u5fd7"},"content":{"rendered":"\n

sysctl -w vm.max_map_count=262144<\/code><\/p>\n\n\n\n

docker run -dit \\\n-p 9200:9200 \\\n-p 9300:9300 \\\n-e TZ=Asia\/Shanghai \\\n-e ES_JAVA_OPTS=\"-Xms512m -Xmx512m\" \\\n--name=elasticsearch \\\n-v \/opt\/efk\/elasticsearch.yml:\/usr\/share\/elasticsearch\/config\/elasticsearch.yml \\\n-v \/opt\/efk\/elasticsearch\/plugins:\/usr\/share\/elasticsearch\/plugins \\\nelasticsearch:7.17.17<\/code><\/pre>\n\n\n\n
elasticsearch.yml\uff1a<\/p>\n\n\n\n
cluster.name: \"docker-cluster\"\nnetwork.host: 0.0.0.0\n# \u8bbf\u95eeID\u9650\u5b9a\uff0c0.0.0.0\u4e3a\u4e0d\u9650\u5236\uff0c\u751f\u4ea7\u73af\u5883\u8bf7\u8bbe\u7f6e\u4e3a\u56fa\u5b9aIP\ntransport.host: 0.0.0.0\n# elasticsearch\u8282\u70b9\u540d\u79f0\nnode.name: node-1\n# elasticsearch\u8282\u70b9\u4fe1\u606f\ncluster.initial_master_nodes: [\"node-1\"]\n# \u4e0b\u9762\u7684\u914d\u7f6e\u662f\u5173\u95ed\u8de8\u57df\u9a8c\u8bc1\nhttp.cors.enabled: true\nhttp.cors.allow-origin: \"*\"<\/code><\/pre>\n\n\n\n
docker run -dit \\\n--name kibana \\\n-p 5601:5601 \\\n-v \/opt\/efk\/kibana.yml:\/usr\/share\/kibana\/config\/kibana.yml kibana:7.17.17<\/code><\/pre>\n\n\n\n
kibana.yml:<\/p>\n\n\n\n
server.port: 5601\nserver.host: \"0.0.0.0\"\nelasticsearch.hosts: [\"http:\/\/10.46.143.50:9200\"]\n# \u64cd\u4f5c\u754c\u9762\u8bed\u8a00\u8bbe\u7f6e\ni18n.locale: \"zh-CN\"<\/code><\/pre>\n\n\n\n
filebeat\u6ce8\u518c\u670d\u52a1\uff1a<\/p>\n\n\n\n
\/lib\/systemd\/system\/filebeat.service\uff1a<\/p>\n\n\n\n
[Unit]\nDescription=filebeat\nAfter=network.target\n[Service]\nWorkingDirectory=\/opt\/efk\/filebeat\nExecStart=\/opt\/efk\/filebeat\/filebeat -e -c \/opt\/efk\/filebeat\/filebeat.yml\n[Install]\nWantedBy=multi-user.target<\/code><\/pre>\n\n\n\n
filebeat.yml:<\/p>\n\n\n\n
filebeat.inputs:\n- type: filestream\n  id: e61a8244-705a-46d9-99b6-45ea8bdbe90e\n  enabled: true\n  paths:\n    - \/data\/var\/lib\/docker\/containers\/*\/*-json.log\nsetup.ilm.enabled: false\n\n\n\n\n\n\n\n\n  parsers:\n  - multiline:\n      type: pattern\n      pattern: '^[[:space:]]+(at|\\.{3})[[:space:]]+\\b|^Caused by:'\n      negate: false\n      match: after\n\n\n\n\n\n\n\n\n# ======================= Elasticsearch template setting =======================\n\n\n\n\nsetup.template.settings:\n  index.number_of_shards: 1\nsetup.template.name: \"docker165\"\nsetup.template.pattern: \"docker165-*\"\nsetup.template.enabled: true\n  #index.codec: best_compression\n  #_source.enabled: false\n# ---------------------------- Elasticsearch Output ----------------------------\noutput.elasticsearch:\n  # Array of hosts to connect to.\n  hosts: [\"10.46.143.50:9200\"]\n\n\n\n\n  # Protocol - either `http` (default) or `https`.\n  #protocol: \"https\"\n\n\n\n\n  # Authentication credentials - either API key or username\/password.\n  #api_key: \"id:api_key\"\n  #username: \"elastic\"\n  #password: \"changeme\"\n  index: docker165-%{+yyyy.MM.dd}<\/code><\/pre>\n\n\n\n
filebeat.inputs:\n- type: filestream\n  id: 2892fa6f-08bb-4e1f-ae2f-eca8d6fae09d\n  enabled: true\n  paths:\n    - \/opt\/efk\/data\/logs\/social-admin.log\n  prospector.scanner.exclude_files: ['.gz$']\n  parsers:\n  - multiline:\n      type: pattern\n      pattern: '^[[:space:]]+(at|\\.{3})[[:space:]]+\\b|^Caused by:'\n      negate: false\n      match: after\nfilebeat.config.modules:\n  path: ${path.config}\/modules.d\/*.yml\n  reload.enabled: false\nsetup.template.settings:\n  index.number_of_shards: 1\nsetup.template.name: \"social-admin.log-dev\"\nsetup.template.pattern: \"social-admin.log-dev-*\"\nsetup.template.enabled: true\nsetup.kibana:\noutput.elasticsearch:\n  hosts: [\"210.14.75.1:9200\"]\n  preset: balanced\n  index: social-admin.log-dev-%{+yyyy.MM.dd}\nprocessors:\n  - add_host_metadata:\n      when.not.contains.tags: forwarded\n  - add_cloud_metadata: ~\n  - add_docker_metadata: ~\n  - add_kubernetes_metadata: ~<\/code><\/pre>\n","protected":false},"excerpt":{"rendered":"
sysctl -w vm.max_map_count=262144 elasticsearch.yml\uff1a kibana.yml: filebeat\u6ce8\u518c\u670d\u52a1\uff1a \/lib\/systemd\/system\/filebeat.service\uff1a filebeat.yml:<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[6],"tags":[],"class_list":["post-276","post","type-post","status-publish","format-standard","hentry","category-dockerkubernetes"],"_links":{"self":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/276","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=276"}],"version-history":[{"count":3,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/276\/revisions"}],"predecessor-version":[{"id":635,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=\/wp\/v2\/posts\/276\/revisions\/635"}],"wp:attachment":[{"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=276"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=276"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/opshub.com.cn\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=276"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}