在docker-compose ELK堆栈上重新使用现有卷

时间:2019-04-04 05:38:24

标签: docker elastic-stack

我正在尝试重新使用已有几天日志的ES卷。 但无法弄清楚如何。对docker-compose几乎没有零经验。

在尝试运行docker-compose时,我得到了:

ERROR: for elasticsearch  Cannot start service elasticsearch: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:245: running exec setns process for init caused \"exit status 17\""
Starting kibana ... error

ERROR: for kibana  Cannot start service kibana: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:245: running exec setns process for init caused \"exit status 17\""


ERROR: for elasticsearch  Cannot start service elasticsearch: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:245: running exec setns process for init caused \"exit status 17\""


ERROR: for kibana  Cannot start service kibana: oci runtime error: container_linux.go:247: starting container process caused "process_linux.go:245: running exec setns process for init caused \"exit status 17\""

ERROR: Encountered errors while bringing up the project.

这是我的规格:

version: "3"
services:
  nginx:
    image: nginx:alpine
    container_name: nginx
    command: nginx -g "daemon off;"
    volumes:
    - ./nginx/config/conf.d:/etc/nginx/conf.d
    ports:
      - "8080:8080"
    links:
      - kibana

  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.7.0
    container_name: elasticsearch
    environment:
      - "ES_JAVA_OPTS=-Xms6g-Xmx6g"
    volumes:
      - ./elasticsearch:/usr/share/elasticsearch/data
    ports:
      - "9200:9200"
      - "9300:9300"

  logstash:
    build: logstash/
    command: logstash -f /etc/logstash/conf.d/logstash.conf
    container_name: logstash
    environment:
      - "LS_JAVA_OPTS=-Xmx256m -Xms256m"

    volumes:
      - ./logstash/config:/etc/logstash/conf.d
    ports:
      - "5000:5000"
      - "5044:5044"
    links:
      - elasticsearch

  kibana:
    build: kibana/
    container_name: kibana
    volumes:
      - ./kibana/config:/opt/kibana/config
    ports:
      - "5601:5601"

volumes:
  elasticsearch:
    driver: local

我也尝试过:

volumes:
  elasticsearch:
    driver: local
    driver_opts:
      type: 'none'
      o: 'bind'
      device: '/myfolder/elasticsearch/storage/'

版本:

docker-compose version 1.18.0, build 8dd22a9

我创建了该卷:

docker volume create elasticsearch

并尝试删除该/ var / lib / docker / volumes / xxxxx文件夹并进行符号链接到我的卷,但是没有这样做。

有可能吗?我已将卷连接到主机,没有其他东西在运行,也没有较旧的图像/卷。只有其中包含现有数据的ELK堆栈。

谢谢

1 个答案:

答案 0 :(得分:0)

由于我们无法使用附加的卷对数据进行索引,因此我们决定从头开始,使用新版本,构建另一个docker-compose文件,并使filebeat从服务器中获取日志文件。不利的一面是,这些导入的日志的日期是从导入时开始的,但是其中一个字段的实际日期带有时间戳。

相关问题
最新问题