书接前文,本章介绍Logstash和Kibana组件的部署,测试环境哦别干生产,如有帮助到您请给个免费的赞呗!
1.Logstash
1.1 Docker-compose 配置片段
1root@ubuntu2204test99:~/elkf# vi docker-compose.yml 2 logstash: 3 image: logstash:7.17.24 4 container_name: logstash-7.17.24 5 restart: always 6 environment: 7 - "LS_JAVA_OPTS=-Xms512m -Xmx512m" 8 ports: 9 - 5044:5044 10 - 9600:9600 11 volumes: 12 - /root/elkf/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml 13 - /root/elkf/logstash/data:/usr/share/logstash/data 14 - /root/elkf/logstash/pipeline:/usr/share/logstash/pipeline 15 networks: 16 elk_net: 17 ipv4_address: 192.168.177.104 18 depends_on: 19 - es-node-1 20 - es-node-2 21 - es-node-3
1.2 Logstash 配置片段
1.2.1 logstash配置
1root@ubuntu2204test99:~/elkf# vi logstash/config/logstash.yml 2http.host: "0.0.0.0" 3# 启用定时重新加载配置 4config.reload.automatic: true 5# 定时重新加载配置周期 6config.reload.interval: 3s 7 8# 持久队列 9queue.type: persisted 10# 控制耐久性 11queue.checkpoint.writes: 1 12# 死信队列 13dead_letter_queue.enable: true 14 15# 启用Logstash节点监控 16xpack.monitoring.enabled: true 17# Elasticsearch账号和密码 18xpack.monitoring.elasticsearch.username: "elastic" 19xpack.monitoring.elasticsearch.password: "123456" 20# Elasticsearch节点地址列表(物理机内网IP,或者127.0.0.1) 21xpack.monitoring.elasticsearch.hosts: ["es-node-1:9200", "es-node-2:9200", "es-node-3:9200"] 22# 发现Elasticsearch集群的其他节点(端口包含除9200外的其它端口时需关闭) 23# xpack.monitoring.elasticsearch.sniffing: true 24# 发送监控数据的频率 25xpack.monitoring.collection.interval: 10s 26# 启用监控管道信息 27xpack.monitoring.collection.pipeline.details.enabled: true 28xpack.management.enabled: false 29
1.2.2 logstash 采集示例(可以不写)
1root@ubuntu2204test99:~/elkf# vi logstash/pipeline/logstash.conf 2input { 3 beats { 4 port => 5044 5 } 6} 7 8output { 9 stdout { 10 codec => rubydebug 11 } 12}
2.Kibana
2.1 Docker-compose配置片段
1root@ubuntu2204test99:~/elkf# vi docker-compose.yml 2 # 可视化工具 3 kibana: 4 image: kibana:7.17.24 5 container_name: kibana 6 ports: 7 - 5601:5601 8 volumes: 9 - /etc/localtime:/etc/localtime 10 - /root/elkf/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml 11 - /root/elkf/kibana/config/node.options:/usr/share/kibana/config/node.options 12 networks: 13 elk_net: 14 ipv4_address: 192.168.177.103 15 depends_on: 16 - es-node-1 17 - es-node-2 18 - es-node-3 19 20
2.2 Kibana 配置片段
2.2.1 Kibana配置文件
1root@ubuntu2204test99:~/elkf# vi kibana/config/kibana.yml 2# 这里地址改为你访问kibana的地址,不能以 / 结尾 3server.publicBaseUrl: "http://192.168.1.99:5601" 4#设置Kibana映射端口 5server.port: 5601 6#设置网关地址 7server.host: "0.0.0.0" 8#设置Kibana实例对外展示的名称 9server.name: "kibana" 10#设置ES集群地址 11elasticsearch.hosts: ["http://es-node-1:9200","http://es-node-2:9200","http://es-node-3:9200"] 12#设置请求超时时长 13elasticsearch.requestTimeout: 120000 14#设置页面语言 15i18n.locale: "zh-CN" 16# 解释链接https://blog.csdn.net/u011311291/article/details/100041912 17xpack.monitoring.ui.container.elasticsearch.enabled: true 18# ES账号密码 19elasticsearch.username: "kibana_system" 20elasticsearch.password: "123456" 21#配置本地索引 22kibana.index: ".kibana"
2.2.2 Kibana节点配置
1root@ubuntu2204test99:~/elkf# vi kibana/config/node.options 2## Node command line options 3## See `node --help` and `node --v8-options` for available options 4## Please note you should specify one option per line 5 6## max size of old space in megabytes 7#--max-old-space-size=4096 8 9## do not terminate process on unhandled promise rejection 10 --unhandled-rejections=warn 11 12## restore < Node 16 default DNS lookup behavior 13--dns-result-order=ipv4first 14 15## enable OpenSSL 3 legacy provider 16#--openssl-legacy-provider
3.查看服务启动是否正常
看Kibana是否能够正常登录
image-20251009165151504
查看logstash是否运行有异常
image-20251009171251217
