docker-elk.yml
约 279 字小于 1 分钟
9.docker-elk.yml
version: "3.5"
services:
elasticsearch:
image: andylsr/elasticsearch-with-ik-icu:7.14.0
container_name: elasticsearch
hostname: elasticsearch
restart: always
ports:
- 9200:9200
volumes:
- ./elasticsearch7/logs:/usr/share/elasticsearch/logs
- ./elasticsearch7/data:/usr/share/elasticsearch/data
- ./elasticsearch7/config/single-node.yml:/usr/share/elasticsearch/config/elasticsearch.yml
- ./elasticsearch7/config/jvm.options:/usr/share/elasticsearch/config/jvm.options
- ./elasticsearch7/config/log4j2.properties:/usr/share/elasticsearch/config/log4j2.properties
environment:
- "ES_JAVA_OPTS=-Xms512m -Xmx512m"
- "TZ=Asia/Shanghai"
- "TAKE_FILE_OWNERSHIP=true" #volumes 挂载权限 如果不想要挂载es文件改配置可以 删除
ulimits:
memlock:
soft: -1
hard: -1
networks:
base-env-network:
aliases:
- elasticsearch
kibana:
image: docker.elastic.co/kibana/kibana:7.14.0
container_name: kibana
volumes:
- ./elasticsearch7/config/kibana.yml:/usr/share/kibana/config/kibana.yml
ports:
- 15601:5601
ulimits:
nproc: 65535
memlock: -1
depends_on:
- elasticsearch
networks:
base-env-network:
aliases:
- kibana
logstash:
image: logstash:7.14.0
container_name: logstash
hostname: logstash
restart: always
ports:
- 19600:9600
- 15044:5044
volumes:
- ./logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:rw
- ./logstash/logstash.yml:/usr/share/logstash/config/logstash.yml
- ./logstash/data:/home/logstash/data
networks:
base-env-network:
aliases:
- logstash
# docker network create base-env-network
networks:
base-env-network:
external:
name: "base-env-network"
修改 logstash.conf 配置文件
input {
beats {
port => "5044"
}
}
filter {
if "message-dispatcher" in [tags]{
grok {
match => ["message", "%{TIMESTAMP_ISO8601:time}\s* \s*%
{NOTSPACE:thread-id}\s* \s*%{LOGLEVEL:level}\s* \s*%{JAVACLASS:class}\s* \- \s*%
{JAVALOGMESSAGE:logmessage}\s*"]
}
}
if "ExampleApplication" in [tags]{
grok {
match => ["message", "%{TIMESTAMP_ISO8601:time}\s* \s*%
{NOTSPACE:thread-id}\s* \s*%{LOGLEVEL:level}\s* \s*%{JAVACLASS:class}\s* \- \s*%
{JAVALOGMESSAGE:logmessage}\s*"]
}
}
mutate {
remove_field => "log"
remove_field => "beat"
remove_field => "meta"
remove_field => "prospector"
remove_field => "[host][os]"
}
}
output {
stdout { codec => rubydebug }
if "message-dispatcher" in [tags]{
elasticsearch {
hosts => [ "elasticsearch:9200" ]
index => "message-dispatcher-%{+yyyy.MM.dd}"
}
}
if "ExampleApplication" in [tags]{
elasticsearch {
hosts => [ "elasticsearch:9200" ]
index => "ExampleApplication-%{+yyyy.MM.dd}"
}
}
}