
Elasticsearch+kibana+IK+Logstash快速开始

docker

容器内安装vim

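# Open a root shell in the container. The official images run as a non-root
# user, so without --user=root apt-get fails with "Permission denied".
# Use the name given to `docker run --name` (or the container id).
docker exec -it --user=root elasticsearch /bin/bash
# Inside the container. -y keeps apt-get from stopping at the confirmation prompt.
# NOTE: packages installed this way live only in this container's writable layer
# and disappear once the container is removed/recreated; for config changes prefer
# editing a bind-mounted file on the host over editing inside the container.
apt-get update
apt-get install -y vim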

安装 Elasticsearch

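docker pull docker.elastic.co/elasticsearch/elasticsearch:8.1.2

# A user-defined network lets the other containers reach this one by its
# container name ("elasticsearch") instead of a hard-coded host IP.
docker network create elastic

# The ES image needs enough mmap areas on the HOST kernel; if the container
# exits with "max virtual memory areas vm.max_map_count [65530] is too low",
# set this on the host. It is a host sysctl, not something that requires
# running the container with extra privileges.
sudo sysctl -w vm.max_map_count=262144

docker run -d \
  --name elasticsearch \
  -e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
  -e "discovery.type=single-node" \
  -v es-data:/usr/share/elasticsearch/data \
  -v es-plugins:/usr/share/elasticsearch/plugins \
  --network elastic \
  -p 9200:9200 \
  docker.elastic.co/elasticsearch/elasticsearch:8.1.2
# Differences from the commonly copied command:
#  - no --privileged: Elasticsearch does not need it, and a privileged container
#    is effectively root on the host (full device and kernel access = trivial
#    container escape).
#  - no -p 9300:9300: 9300 is the node-to-node transport port; a single-node
#    cluster has no peers and Kibana/Logstash only talk to 9200.
#  - -p 9200:9200 publishes the REST port on every host interface. If only the
#    containers on the "elastic" network need it, drop -p entirely or use
#    -p 127.0.0.1:9200:9200 and point Kibana/Logstash at http://elasticsearch:9200.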

此时用普通 HTTP 访问会得到空响应：

curl 127.0.0.1:9200
curl: (52) Empty reply from server

这并不说明 ES 没有启动：8.x 默认开启了 TLS 和认证，9200 端口只接受 HTTPS。可以用 `curl -k https://127.0.0.1:9200` 验证——返回 401 就说明服务正常（`elastic` 用户的初始密码在首次启动时打印在 `docker logs elasticsearch` 里，加上 `-u elastic:<密码>` 即可访问）。下面为了快速上手直接关掉了安全特性，这只适合隔离的开发环境；处在公网或共享网络中的机器应保留认证并走 HTTPS。

进入容器,修改elasticsearch.yml

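# Use the container name instead of a copied container id.
docker exec -it elasticsearch /bin/bash

# Inside the container the working directory is /usr/share/elasticsearch, so the
# relative path resolves to /usr/share/elasticsearch/config/elasticsearch.yml.
vi config/elasticsearch.yml
# change
xpack.security.enabled: true
# to
xpack.security.enabled: false
# WARNING: this disables authentication AND TLS for the whole node. Combined with
# -p 9200:9200, anyone who can reach the host can read, modify or delete every
# index. Only acceptable on an isolated dev box. Otherwise keep security enabled
# and use the "elastic" password / enrollment token printed by
# `docker logs elasticsearch` on first start, talking to https://... (curl -k).
#
# The setting is read only at startup: leave the container and restart it,
# otherwise the change has no effect.
exit
docker restart elasticsearch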

安装 kibana

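docker pull docker.elastic.co/kibana/kibana:8.1.2
# Both containers are on the "elastic" network, so Kibana can reach ES by
# container name. The LAN address used before (192.168.146.129) is specific to
# one machine and needlessly routes the traffic out through the host's
# published port.
# Plain http:// only works because xpack.security was disabled in ES above; with
# security enabled this has to be https:// plus ELASTICSEARCH_USERNAME /
# ELASTICSEARCH_PASSWORD (or an enrollment token).
docker run -d \
  --name kibana \
  -e ELASTICSEARCH_HOSTS=http://elasticsearch:9200 \
  --network elastic \
  -p 5601:5601 \
  docker.elastic.co/kibana/kibana:8.1.2
# NOTE: with ES security off, Kibana has no login page either, and -p 5601:5601
# exposes it on every host interface. Use -p 127.0.0.1:5601:5601 or a firewall
# rule unless the machine is isolated.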

# Follow the logs of both containers (Ctrl-C stops following).
docker logs --follow elasticsearch
docker logs --follow kibana

# Switch the Kibana UI to Chinese. This is a kibana.yml setting; for the Docker
# image it should also be possible to pass it as an environment variable
# (-e I18N_LOCALE=zh-CN on the docker run above) instead of mounting the file.
i18n.locale: zh-CN

安装IK分词器

下载与 Elasticsearch 版本完全一致的 IK 发行包（本文是 8.1.2；版本不一致时 ES 会拒绝加载插件、容器无法启动），上传到宿主机（或直接 wget）；如果发布页提供了校验值，使用前先核对：
https://github.com/medcl/elasticsearch-analysis-ik/releases

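# The IK zip must match the ES version exactly (8.1.2 here): ES checks the
# plugin descriptor at startup and refuses to start on a mismatch.
unzip elasticsearch-analysis-ik-8.1.2.zip -d ./ik

# Copy the directory into the running container's plugins directory. It ends up
# as /usr/share/elasticsearch/plugins/ik and persists across container
# re-creation because plugins/ is the es-plugins volume.
docker cp ik elasticsearch:/usr/share/elasticsearch/plugins

# Plugins are loaded only at startup.
docker restart elasticsearch

# Verify: "analysis-ik" should be listed and the log should show no
# plugin-descriptor / version errors.
docker exec elasticsearch bin/elasticsearch-plugin list
docker logs --tail 50 elasticsearch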

安装 Logstash

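docker pull logstash:8.1.2

# -p: do not fail if the directory already exists.
mkdir -p /mydata/logstash

# Pipeline definition (contents below). Keep it on the host and bind-mount it
# into the container so it survives container re-creation.
vim /mydata/logstash/logstash.conf

# NOTE: this guide never shows the Logstash `docker run`. Whatever is used must
# (a) join the same network (--network elastic), (b) mount the pipeline, e.g.
#     -v /mydata/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf
# (c) publish the TCP input ports 4560-4563 only where needed, and (d) make the
# ES host in the output section resolvable: the ES container above is named
# "elasticsearch", so either use hosts => "elasticsearch:9200" in the pipeline
# or start ES with --network-alias es.

# The json_lines codec ships with the official image; only install it if
# `logstash-plugin list json_lines` (run inside the container) prints nothing.
# Anything installed with logstash-plugin inside a running container is lost
# when the container is recreated, so bake it into an image if it is needed.
logstash-plugin install logstash-codec-json_lines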

# Logstash pipeline: four plain-TCP inputs, one per log category, all written
# to daily "mall-<type>-<date>" indices in Elasticsearch.
input {
  # Every input binds 0.0.0.0 (all interfaces of the container) with no TLS and
  # no client authentication: whoever can reach the published port can inject
  # arbitrary events into the matching index. Publish these ports only to
  # trusted networks (e.g. -p 127.0.0.1:4560:4560 or a firewall rule), or turn
  # on ssl_enable / ssl_cert / ssl_key with ssl_verify on this plugin.
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4560
    # one JSON object per line
    codec => json_lines
    # "type" is used by the output below to build the index name
    type => "debug"
  }
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4561
    codec => json_lines
    type => "error"
  }
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4562
    codec => json_lines
    type => "business"
  }
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4563
    codec => json_lines
    type => "record"
  }
}
filter{
  # Only "record" events are touched: Logstash bookkeeping fields are dropped
  # and the JSON text held in "message" is expanded into top-level fields.
  if [type] == "record" {
    mutate {
      remove_field => "port"
      remove_field => "host"
      remove_field => "@version"
    }
    json {
      # NOTE(review): fields come from the client-supplied payload as-is. A sender
      # appears to be able to supply its own "type" (and the input's type does
      # not override a field that is already present), which would let it pick
      # the target index name below — treat that field as untrusted. Confirm
      # against the Logstash version in use.
      source => "message"
      remove_field => ["message"]
    }
  }
}
output {
  elasticsearch {
    # NOTE(review): the ES container in this guide is named "elasticsearch";
    # "es" only resolves if ES was started with a network alias — confirm, or
    # change this to "elasticsearch:9200". Plain http with no user/password only
    # works because xpack.security was disabled in ES; with security enabled add
    # user/password (or api_key) and ssl settings here.
    hosts => "es:9200"
    index => "mall-%{type}-%{+YYYY.MM.dd}"
  }
}