我需要将所有Docker容器的日志转发到ELK,为此我使用了Filebeat,但一直得不到理想的结果。 我使用deviantony/docker-elk搭建ELK,并使用了自定义的Logstash配置:
# Logstash pipeline: accept events from Beats shippers and index them into
# Elasticsearch.
input {
  # Beats listener. No ssl options are set on this input, so shippers connect
  # in plaintext and the input does not authenticate them.
  beats {
    port => 5044
  }
}

output {
  elasticsearch {
    hosts => ["elasticsearch:9200"]
    # The index name is assembled from metadata supplied by the shipper (beat
    # name and version) plus the event date, so whatever can reach the beats
    # port also influences which index gets written.
    index => "%{[@metadata][beat]}-%{[@metadata][version]}-%{+YYYY.MM.dd}"
  }
}
还有一个自定义的Filebeat镜像,其Dockerfile如下:
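# Custom Filebeat image: the official image with this project's filebeat.yml
# baked in.
# NOTE(review): the base image is pinned by tag only; pinning by digest
# (FROM ...@sha256:<digest>) keeps rebuilds reproducible.
FROM docker.elastic.co/beats/filebeat:6.2.4
COPY filebeat.yml /usr/share/filebeat/filebeat.yml
# COPY leaves the file owned by root with whatever mode it had in the build
# context. Filebeat checks config ownership and permissions at startup, so
# hand the file to the filebeat user and remove group/other write access.
USER root
RUN chown filebeat /usr/share/filebeat/filebeat.yml \
 && chmod go-w /usr/share/filebeat/filebeat.yml
# Return to the unprivileged user for runtime.
USER filebeat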
在同一个文件夹中有一个filebeat.yml:
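# Tail the per-container log files that Docker writes on the host.
filebeat.prospectors:
  - type: log
    enabled: true
    paths:
      # Only works if the host's /var/lib/docker/containers is mounted into
      # this container.
      # NOTE(review): that directory is normally readable by root only, so
      # the unprivileged filebeat user may be unable to open these files;
      # confirm the permissions on the host.
      - /var/lib/docker/containers/*/*.log

output.logstash:
  # Filebeat expands environment variables written as ${VAR}. The image
  # copies this file verbatim, so "{{VAR}}" placeholders would be used as a
  # literal host name unless something else renders the file first.
  hosts: ["${LOGSTASH_HOST}:${LOGSTASH_PORT}"]
  # No ssl section is configured: events travel to Logstash unencrypted and
  # the Logstash endpoint is not verified.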
我的docker-compose.yml:
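# ELK stack (Elasticsearch, Logstash, Kibana) plus a Filebeat shipper that
# reads the host's Docker container logs. All services share the "elk"
# bridge network and reach each other by service name.
version: '2'

services:
  elasticsearch:
    build:
      context: elasticsearch/
    volumes:
      - ./elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro
    # Published on every host interface.
    # NOTE(review): nothing in this file shows authentication in front of
    # Elasticsearch. If the host is reachable from other machines, bind to
    # loopback instead (e.g. "127.0.0.1:9200:9200") or firewall these ports.
    ports:
      - "9200:9200"
      - "9300:9300"
    environment:
      ES_JAVA_OPTS: "-Xmx256m -Xms256m"
    networks:
      - elk

  logstash:
    build:
      context: logstash/
    volumes:
      - ./logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro
      - ./logstash/pipeline:/usr/share/logstash/pipeline:ro
    # The filebeat service reaches Logstash over the elk network by service
    # name; publishing 5044 on the host is only needed for shippers running
    # outside this compose project.
    ports:
      - "5044:5044"
    environment:
      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
    networks:
      - elk
    depends_on:
      - elasticsearch

  kibana:
    build:
      context: kibana/
    volumes:
      - ./kibana/config/:/usr/share/kibana/config:ro
    # Published on every host interface; the loopback/firewall note on the
    # elasticsearch ports applies here as well.
    ports:
      - "5601:5601"
    networks:
      - elk
    depends_on:
      - elasticsearch

  filebeat:
    build:
      context: filebeat/
    restart: always
    volumes:
      # Least privilege: filebeat.yml only reads
      # /var/lib/docker/containers/*/*.log, so mount just that directory and
      # mount it read-only. Mounting all of /var/lib/docker read-write would
      # expose every image layer and volume on the host to this container.
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
    environment:
      - LOGSTASH_HOST=logstash
      - LOGSTASH_PORT=5044
    networks:
      - elk
    depends_on:
      - logstash

networks:
  elk:
    driver: bridge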
Filebeat日志如下: https://pastebin.com/Q8QWZSxC
主要是我收到此错误:
{"log":"2018-06-06T13:30:09.087Z\u0009INFO\u0009[monitoring]\u0009log/log.go:124\u0009Non-zero metrics in the last 30s\u0009{\"monitoring\": {\"metrics\": {\"beat\":{\"cpu\":{\"system\":{\"ticks\":150,\"time\":153},\"total\":{\"ticks\":270,\"time\":276,\"value\":270},\"user\":{\"ticks\":120,\"time\":123}},\"info\":{\"ephemeral_id\":\"8ab3739e-a54b-47fd-b3a1-689c36ed7487\",\"uptime\":{\"ms\":750010}},\"memstats\":{\"gc_next\":4194304,\"memory_alloc\":1469888,\"memory_total\":7539352,\"rss\":-536576}},\"filebeat\":{\"harvester\":{\"open_files\":0,\"running\":0}},\"libbeat\":{\"config\":{\"module\":{\"running\":0}},\"pipeline\":{\"clients\":1,\"events\":{\"active\":0}}},\"registrar\":{\"states\":{\"current\":0}},\"system\":{\"load\":{\"1\":0.69,\"15\":1.07,\"5\":1.01,\"norm\":{\"1\":0.1725,\"15\":0.2675,\"5\":0.2525}}}}}}\n","stream":"stderr","time":"2018-06-06T13:30:09.087950266Z"}