一、环境

IP 系统 配置 版本
192.168.10.100 Centos7.9 2核4G Docker Compose version v2.19.1、EFK-7.17.11

EFK版本是试用版本

二、安装docker环境

yum install -y yum-utils device-mapper-persistent-data lvm2

yum-config-manager --add-repo https://mirrors.aliyun.com/docker-ce/linux/centos/docker-ce.repo

sed -i 's+download.docker.com+mirrors.aliyun.com/docker-ce+' /etc/yum.repos.d/docker-ce.repo

yum makecache fast

yum -y install docker-ce

cat > /etc/docker/daemon.json <<EOF

{

"registry-mirrors":["https://pft7f97f.mirror.aliyuncs.com","https://registry.docker-cn.com","https://docker.mirrors.ustc.edu.cn","https://dockerhub.azk8s.cn","http://hub-mirror.c.163.com"]

}

EOF

systemctl daemon-reload

systemctl start docker

[root@efk efk]# docker compose version
Docker Compose version v2.19.1

三、下载EFK相关镜像

docker pull docker.elastic.co/elasticsearch/elasticsearch:7.17.11

docker pull docker.elastic.co/kibana/kibana:7.17.11

docker pull docker.elastic.co/beats/filebeat:7.17.11

[root@efk efk]# docker images

REPOSITORY                                      TAG       IMAGE ID       CREATED       SIZE

docker.elastic.co/beats/filebeat                7.17.11   b4bef40e4a4a   3 weeks ago   268MB

docker.elastic.co/elasticsearch/elasticsearch   7.17.11   0f404e39b5e6   3 weeks ago   630MB

docker.elastic.co/kibana/kibana                 7.17.11   ff2a71cd3986   3 weeks ago   798MB

四、编辑filebeat.yaml文件

[root@efk efk]# cat filebeat.yaml

filebeat.inputs:

- type: log

  paths:

    - '/usr/share/filebeat/logs/*'

processors:

  - decode_json_fields:

      fields: ["message"]

      target: ""

      overwrite_keys: true

output.elasticsearch:

  hosts: ["http://192.168.10.100:9200"]

  indices:

    - index: "filebeat-%{+yyyy.MM.dd}"

setup.kibana:

  host: "http://192.168.10.100:5601"

logging.json: true

logging.metrics.enabled: false

五、部署EFK系统

5.1 创建数据目录

mkdir /data/efk/es/data/nodes -p

chmod -R 777 /data/efk

5.2 编辑docker-compose.yaml文件

[root@efk efk]# cat docker-compose.yml

version: '3.3'

services:

  elasticsearch:

    image: "docker.elastic.co/elasticsearch/elasticsearch:7.17.11"

    container_name: elasticsearch

    restart: always

    environment:

    - "ES_JAVA_OPTS=-Xms512m -Xmx512m"

    - "discovery.type=single-node"

    - "cluster.name=myes"

    - "node.name=jeven"

    # - xpack.security.enabled: "false"

    ulimits:

      memlock:

        soft: -1

        hard: -1

    networks:

      myefk:

        ipv4_address: 172.29.120.10

        aliases:

        - es

        - jeven

    ports:

    - "9200:9200"

    - "9300:9300"

    volumes:

    - /data/efk/es/data/:/usr/share/elasticsearch/data

  kibana:

    image: "docker.elastic.co/kibana/kibana:7.17.11"

    restart: always

    environment:

      # 注意这里的配置,否则会导致kibana页面不能打开

      ELASTICSEARCH.URL: http://192.168.10.100:9200

      ELASTICSEARCH.HOSTS: '["http:/192.168.10.100:9200"]'

      I18N_LOCALE: zh-CN

    networks:

      myefk:

        ipv4_address: 172.29.120.20

        aliases:

          - kibana

          - kib

    ports:

    - "5601:5601"

    links:

    - "elasticsearch"

  filebeat:

    image: "docker.elastic.co/beats/filebeat:7.17.11"

    restart: always

    networks:

      myefk:

        ipv4_address: 172.29.120.30

        aliases:

          - filebeat

          - fb

    user: root

    command: ["--strict.perms=false"]

    volumes:

    - /data/efk/filebeat.yaml:/usr/share/filebeat/filebeat.yml

    - /var/lib/docker:/var/lib/docker:ro

    - /var/run/docker.sock:/var/run/docker.sock

    links:

    - "elasticsearch"

    - "kibana"

networks:

  myefk:

    driver: bridge

    ipam:

      config:

        - subnet: 172.29.120.0/24

5.3 运行EFK

[root@efk efk]# docker compose up -d

[+] Running 4/4

  Network efk_myefk         Created                                                                                                                                                                                                   0.3s

  Container elasticsearch   Started                                                                                                                                                                                                   0.4s

  Container efk-kibana-1    Started                                                                                                                                                                                                   0.8s

  Container efk-filebeat-1  Started

# 关闭命令为 docker compose down

[root@efk efk]# docker compose ps

NAME                IMAGE                                                   COMMAND                  SERVICE             CREATED             STATUS              PORTS

efk-filebeat-1      docker.elastic.co/beats/filebeat:7.17.11                "/usr/bin/tini -- /u…"   filebeat            27 minutes ago      Up 27 minutes

efk-kibana-1        docker.elastic.co/kibana/kibana:7.17.11                 "/bin/tini -- /usr/l…"   kibana              27 minutes ago      Up 27 minutes       0.0.0.0:5601->5601/tcp, :::5601->5601/tcp

elasticsearch       docker.elastic.co/elasticsearch/elasticsearch:7.17.11   "/bin/tini -- /usr/l…"   elasticsearch       27 minutes ago      Up 27 minutes       0.0.0.0:9200->9200/tcp, :::9200->9200/tcp, 0.0.0.0:9300->9300/tcp, :::9300->9300/tcp

5.4 查看efk容器日志

[root@efk efk]# docker compose logs |head

elasticsearch  | {"type": "server", "timestamp": "2023-07-19T08:49:09,038Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "myes", "node.name": "jeven", "message": "loaded module [aggs-matrix-stats]" }

elasticsearch  | {"type": "server", "timestamp": "2023-07-19T08:49:09,038Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "myes", "node.name": "jeven", "message": "loaded module [analysis-common]" }

elasticsearch  | {"type": "server", "timestamp": "2023-07-19T08:49:09,038Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "myes", "node.name": "jeven", "message": "loaded module [constant-keyword]" }

elasticsearch  | {"type": "server", "timestamp": "2023-07-19T08:49:09,054Z", "level": "INFO", "component": "o.e.p.PluginsService", "cluster.name": "myes", "node.name": "jeven", "message": "loaded module [frozen-indices]" }

5.5 测试访问

[root@efk efk]# curl 192.168.10.100:9200

{

  "name" : "jeven",

  "cluster_name" : "myes",

  "cluster_uuid" : "-y4gQ2IvQ_CohEPfppPnSw",

  "version" : {

    "number" : "7.17.11",

    "build_flavor" : "default",

    "build_type" : "docker",

    "build_hash" : "eeedb98c60326ea3d46caef960fb4c77958fb885",

    "build_date" : "2023-06-23T05:33:12.261262042Z",

    "build_snapshot" : false,

    "lucene_version" : "8.11.1",

    "minimum_wire_compatibility_version" : "6.8.0",

    "minimum_index_compatibility_version" : "6.0.0-beta1"

  },

  "tagline" : "You Know, for Search"

}

六、访问Kibana服务

6.1 页面访问kibana进入首页

http://192.168.10.100:5601

6.2 查看日志信息

1.进入索引管理界面

选左侧打开目录:Managerment---stack managrment ---数据---索引管理

2.查看filebeta索引信息

3.创建索引

选择:索引模式---创建索引---设置索引名称--索引时间戳字段--创建索引

4.搜索日志信息

在主页,选择discover模块位置,根据字段可搜索日志信息

5.查看日志文件信息

Observability——日志,点击进入

本次搭建引用文章:https://cloud.tencent.com/developer/article/2210662

出现2个问题:

  1./data/efk/es目录的权限问题,我都改成了777

2.kibana页面不能访问问题,修改了docker-compose.yaml文件中,下面2个字段:

      ELASTICSEARCH.URL: http://192.168.10.100:9200

      ELASTICSEARCH.HOSTS: '["http:/192.168.10.100:9200"]'

docker-compose安装EFK的更多相关文章

  1. Docker Compose部署 EFK(Elasticsearch + Fluentd + Kibana)收集日志

    简述 本文用于记录如何使用Docker Compose部署 EFK(Elasticsearch + Fluentd + Kibana) 收集Docker容器日志,使用EFK,可以无侵入代码,获得灵活, ...

  2. 手把手教你 Docker Compose安装DOClever

    一.什么是Docker Compose以及Docker Compose的安装和使用 查看我的另外一篇博客:Docker Compose的安装和使用 二.DOClever是什么 DOClever是一个可 ...

  3. Docker Compose 安装 on centos7

    本文演示如何在CentOS7上安装Docker Compose. 1 在线安装 1.1 下载安装包 $ curl -L https://github.com/docker/compose/releas ...

  4. Docker Compose安装以及入门

    Docker Compose 是 Docker 官方编排(Orchestration)项目之一,负责快速在集群中部署分布式应用. Compose 简介 Compose 项目是 Docker 官方的开源 ...

  5. 使用 docker compose 安装 tidb

    目标 : 单机上通过 Docker Compose 快速一键部署一套 TiDB 测试集群 前提条件: 1.centos版本在7.3 以上 2.安装git 3.安装docker Docker versi ...

  6. centos docker compose安装

    docker compose离线安装 通过联网机器下载docker-compose离线安装包(参见Downloads部分) https://github.com/docker/compose/rele ...

  7. docker和docker compose安装使用、入门进阶案例

    一.前言 现在可谓是容器化的时代,云原生的袭来,导致go的崛起,作为一名java开发,现在慌得一批.作为知识储备,小编也是一直学关于docker的东西,还有一些持续继承jenkins. 提到docke ...

  8. Docker Compose安装部署Jenkins

    流水线可以让项目发布流程更加清晰,docker可以大大减少Jenkins配置. 1.前言 数据卷挂载到 /var 磁盘目录下,因为该磁盘空间较大,后面需要挂载容器数据卷,以防内存吃紧. 为了可以留存启 ...

  9. Docker Compose安装Registry后配置WebUI与客户端

    场景 Docker 私服Registry简介与使用Docker-Compose安装Registry: https://blog.csdn.net/BADAO_LIUMANG_QIZHI/article ...

  10. docker compose安装gitea

    docker-compose.yml version: "3.4" networks: gitea: external: false services: server: image ...

随机推荐

  1. [MySQL]流程控制语句

    [版权声明]未经博主同意,谢绝转载!(请尊重原创,博主保留追究权) https://www.cnblogs.com/cnb-yuchen/p/17991087 出自[进步*于辰的博客] 参考笔记三,P ...

  2. java使用ftp连接linux处理文件

    1.Maven依赖 <!-- FTP使用包 --> <dependency> <groupId>commons-net</groupId> <ar ...

  3. HTTP内容协商机制和断点续传

  4. 4 JavaScript数组和对象

    4 数组和对象 在JS中创建数组非常简单. 直接[ ]即可. 也可以用正规军的new Array(). 不过效果都是一样的. var as = [11,22,33,44,55]; var bs = n ...

  5. CTFshow pwn31 wp

    PWN31 使用checksec查看保护 发现除了canary剩下保护全开,那么就没有前面几个题目那么简单了,ida打开看见他给了我们main函数地址 虽然开了pie但是在他们之间的偏移是一定的,那么 ...

  6. #树状数组#洛谷 3531 [POI2012] LIT-Letters

    题目 给出两个长度相同且由大写英文字母组成的字符串\(A\).\(B\),保证\(A\)和\(B\)中每种字母出现的次数相同. 现在每次可以交换\(A\)中相邻两个字符,求最少需要交换多少次可以使得\ ...

  7. 决策树模型(4)Cart算法

    Cart算法 Cart是Classification and regression tree的缩写,即分类回归树.它和前面的ID3, C4.5等算法思想一致都是通过对输入空间进行递归划分并确定每个单元 ...

  8. DevEco Device Tool 3.1 Release新版本发布,新增资源管理器、SFTP、HDC

     原文链接:https://mp.weixin.qq.com/s/UGBirjf8nBjnfKck9TlyWg,点击链接查看更多技术内容:   DevEco Device Tool是面向智能设备开发者 ...

  9. 在centOS上配置web服务器

    centos,web服务,apache,ftp服务器,mysql,makefile (1). 检查系统是否正常 # more /var/log/messages //检查有无系统内核级错误信息 # d ...

  10. 重新点亮linux 命令树————服务管理工具[二十五]

    前言 简单整理一下服务管理工具. 正文 服务集中管理工具. service 功能简单 systemctl 功能多 先来看下service脚本位置: 然后看下vim network 这里可以看到代码非常 ...