I installed the ELK stack on Docker (each component in its own container on the same network, all using the official Elastic images). This is how I set up ELK:

1. Create the network

    sudo docker network create somenetwork

2. Run Elasticsearch

    sudo docker pull elasticsearch:6.6.1
    sudo docker run -dit --name elasticsearch -h elasticsearch --net somenetwork -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" elasticsearch:6.6.1

3. Run Kibana

    sudo docker pull kibana:6.6.1
    sudo docker run -dit --name kibana -h kibana --net somenetwork -p 5601:5601 kibana:6.6.1

4. Run Logstash

    sudo docker pull logstash:6.6.1
    sudo docker run -it --name logstash -h logstash --net somenetwork -p 5044:5044 -v $(pwd)/pipeline/:/usr/share/logstash/pipeline -v $(pwd)/config/logstash.yml:/usr/share/logstash/config/logstash.yml logstash:6.6.1 logstash -f /usr/share/logstash/pipeline/logstash.conf
I also have an application container running Filebeat, which has a "log.out" log file. This is the "filebeat.yml":

    filebeat.prospectors:
    - input_type: log
      enabled: true
      paths:
        - /home/log.out
    output.logstash:
      hosts: ["logstash:5044"]
The Logstash config file logstash.conf:

    input {
      beats {
        port => 5044
        host => "0.0.0.0"
      }
    }
    output {
      elasticsearch { hosts => ["elasticsearch:9200"] }
    }
I'm sure I'm missing something simple. I'm new to ELK. Thanks
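A hop-by-hop check of the pipeline described in the question (filebeat -> logstash:5044 -> elasticsearch:9200), added here as an example; it is not part of the original post and not code from Elastic or any of the ELK projects. It assumes the container names, network and ports from the question; the ELK_CHECK variable, the file name elk-check.sh and the sample _cat/indices output are constructed. It also includes a check for the exposure that `-p 9200:9200` creates: that flag publishes Elasticsearch on every host interface, and a 6.6.1 node on the basic licence has no authentication, so anything that can reach the host can read and delete the indices.

```shell
#!/usr/bin/env bash
# Added diagnostic helper (not from the original post). Walks the pipeline the question
# describes hop by hop. Host names and ports come from the question; ES_HOST/LS_HOST,
# ELK_CHECK and the sample _cat output below are assumptions or constructed data.

ES_HOST="${ES_HOST:-elasticsearch}"
LS_HOST="${LS_HOST:-logstash}"

# Return 0 if host:port accepts a TCP connection. Uses bash's /dev/tcp so it also works
# inside a slim application container that has neither nc nor curl installed.
port_open() {
  local host="$1" port="$2"
  timeout 3 bash -c "exec 3<>/dev/tcp/${host}/${port}" 2>/dev/null
}

# Read `GET /_cat/indices?v` output on stdin and print the filebeat-* index names.
# Returns 1 when there is none, i.e. no event has ever made it through Logstash.
filebeat_indices() {
  awk 'NR > 1 && $3 ~ /^filebeat-/ { print $3 }' | grep .
}

# Read the same _cat output and print the summed docs.count (column 7) of filebeat-* indices.
filebeat_doc_count() {
  awk 'NR > 1 && $3 ~ /^filebeat-/ { n += $7 } END { print n + 0 }'
}

# Read `docker port <container>` output on stdin; return 0 if any port is published on all
# interfaces (0.0.0.0 or [::]). `-p 9200:9200` as used in the question does exactly that.
published_on_all_interfaces() {
  grep -Eq -- '-> (0\.0\.0\.0|\[::\]):'
}

# Constructed sample of _cat/indices?v output (not captured from the poster's cluster).
SAMPLE_CAT_INDICES='health status index                     uuid                   pri rep docs.count docs.deleted store.size pri.store.size
yellow open   filebeat-6.6.1-2019.03.01 c0nstructedUUID000001  5   1        123            0    234.5kb        234.5kb
green  open   .kibana_1                 c0nstructedUUID000002  1   0          3            0     12.1kb         12.1kb'

# Live run of the checks against the real containers; needs bash and curl.
elk_check() {
  echo "1. beats port ${LS_HOST}:5044 (filebeat output.logstash)"
  if port_open "$LS_HOST" 5044; then echo "   ok"; else echo "   FAIL: nothing listening; check the beats input and -p 5044:5044"; fi
  echo "2. Elasticsearch ${ES_HOST}:9200 (logstash output)"
  if port_open "$ES_HOST" 9200; then echo "   ok"; else echo "   FAIL: Elasticsearch unreachable from this network"; fi
  echo "3. filebeat-* indices"
  local cat_out
  cat_out=$(curl -s "http://${ES_HOST}:9200/_cat/indices?v")
  if printf '%s\n' "$cat_out" | filebeat_indices; then
    echo "   documents: $(printf '%s\n' "$cat_out" | filebeat_doc_count)"
  else
    echo "   none: events are not reaching Elasticsearch; read the logstash container logs"
  fi
}

# Only run the live checks when asked for, so the functions can be sourced and tested offline.
if [ "${ELK_CHECK:-0}" = 1 ]; then
  elk_check
fi
```

To run the live checks from inside the network of the question, copy the script into the logstash container (its image carries bash and curl) and execute it there: `docker cp elk-check.sh logstash:/tmp/ && docker exec -e ELK_CHECK=1 logstash bash /tmp/elk-check.sh`. For the exposure check run `docker port elasticsearch | published_on_all_interfaces` on the host after sourcing the script; if it succeeds, the node is reachable from every interface of the host, and binding with `-p 127.0.0.1:9200:9200` instead keeps it local to the host and the Docker network.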