1.定义docker-compose
version: '3'
services:
elasticsearch:
image: elasticsearch:7.6.2
container_name: elasticsearch
privileged: true
user: root
environment:
#设置集群名称为elasticsearch
- cluster.name=elasticsearch
#以单一节点模式启动
- discovery.type=single-node
#设置使用jvm内存大小
- ES_JAVA_OPTS=-Xms512m -Xmx512m
# volumes:
# - /opt/docker_elk/elasticsearch/plugins:/usr/share/elasticsearch/plugins
# - /opt/docker_elk/elasticsearch/data:/usr/share/elasticsearch/data
ports:
- 9200:9200
- 9300:9300
logstash:
image: logstash:7.6.2
container_name: logstash
ports:
- 4560:4560
privileged: true
environment:
- TZ=Asia/Shanghai
volumes:
#挂载logstash的配置文件
- ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf
- ./log.log:/log.log
depends_on:
- elasticsearch
links:
#可以用es这个域名访问elasticsearch服务
- elasticsearch:es
kibana:
image: kibana:7.6.2
container_name: kibana
ports:
- 5601:5601
privileged: true
links:
#可以用es这个域名访问elasticsearch服务
- elasticsearch:es
depends_on:
- elasticsearch
environment:
#设置访问elasticsearch的地址
- elasticsearch.hosts=http://es:92002.定义logstash.conf文件
input {
file{
path=>"/log.log"
type=>"systemlog"
start_position=>"beginning"
stat_interval=>"5"
}
}
output {
elasticsearch {
hosts => "es:9200"
index => "logstash-%{+YYYY.MM.dd}"
}
}file.path:收集的文件日志内容
file.type:参数制订了file模块结果的类型
file.start_position:参数指定了开始的位置
file.stat_interval:参数指定了收集的间隔
output.es:写入到ES的地址和索引名称
2.执行docker-compose up -d 构建镜像
3.修改kibana中文
增加:i18n.locale: "zh-CN"
位置:/config/kibana.yml