docker
容器内安装vim
docker exec -it --user=root f939f8e98c5b /bin/bash
# 不加--user=root 会 Permission Denied
# 然后安装
apt-get update
apt-get install vim
安装 Elasticsearch
docker pull docker.elastic.co/elasticsearch/elasticsearch:8.1.2
docker network create elastic
docker run -d \
--name elasticsearch \
-e "ES_JAVA_OPTS=-Xms512m -Xmx512m" \
-e "discovery.type=single-node" \
-v es-data:/usr/share/elasticsearch/data \
-v es-plugins:/usr/share/elasticsearch/plugins \
--privileged \
--network elastic \
-p 9200:9200 \
-p 9300:9300 \
docker.elastic.co/elasticsearch/elasticsearch:8.1.2
此时
curl 127.0.0.1:9200
curl: (52) Empty reply from server
进入容器,修改elasticsearch.yml
docker exec -it d31948cd75ef /bin/bash
vi config/elasticsearch.yml
# 将其中的
xpack.security.enabled: true
# 修改为
xpack.security.enabled: false
安装 kibana
docker pull docker.elastic.co/kibana/kibana:8.1.2
docker run -d \
--name kibana \
-e ELASTICSEARCH_HOSTS=http://192.168.146.129:9200 \
--network elastic \
-p 5601:5601 \
docker.elastic.co/kibana/kibana:8.1.2
# 查看日志
docker logs -f elasticsearch
docker logs -f kibana
# 中文
i18n.locale: zh-CN
安装IK分词器
下载并上传(或者 wget)
https://github.com/medcl/elasticsearch-analysis-ik/releases
# 解压
unzip [ik.zip] -d ./ik
#将ik文件夹拷贝到elasticsearch容器中
docker cp ik elasticsearch:/usr/share/elasticsearch/plugins
#重启容器
docker restart elasticsearch
安装 Logstash
docker pull logstash:8.1.2
mkdir /mydata/logstash
vim /mydata/logstash/logstash.conf
# 进入容器内部,安装json_lines插件
logstash-plugin install logstash-codec-json_lines
input {
tcp {
mode => "server"
host => "0.0.0.0"
port => 4560
codec => json_lines
type => "debug"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4561
codec => json_lines
type => "error"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4562
codec => json_lines
type => "business"
}
tcp {
mode => "server"
host => "0.0.0.0"
port => 4563
codec => json_lines
type => "record"
}
}
filter{
if [type] == "record" {
mutate {
remove_field => "port"
remove_field => "host"
remove_field => "@version"
}
json {
source => "message"
remove_field => ["message"]
}
}
}
output {
elasticsearch {
hosts => "es:9200"
index => "mall-%{type}-%{+YYYY.MM.dd}"
}
}