本地搭建 EFK 日志系统记录

导读:本篇文章讲解 本地搭建 EFK 日志系统记录,希望对大家有帮助,欢迎收藏,转发!站点地址:www.bmabk.com

环境 win10 docker
最终效果:如下图 点击实时流传输之后就像 tail 日志 一样 😅
在这里插入图片描述

过程:
elastic 官网安装docker形式。 elasticsearch 7.5.1集群,kibana 7.5.1,filebeat 7.5.1(非docker安装,日志在哪里安装到哪里确保通过配置路径可以读取到日志 ,例如本机是win10

elasticsearch 参考自:https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html
出现问题:地址异常 es0*,看 docker-compose.yml 配置了网络。而我的docker里没有这个网络 。新建一个名为elastic的docker网络 命令 docker network create elastic。OK了

kibana 参考自https://www.elastic.co/guide/en/kibana/7.5/docker.html
出现问题 访问不到 es。原因 与es所在docker容器间网络不通。修改 docker-compose配置重新生成 容器解决。
在这里插入图片描述

filebeat 参考自https://www.elastic.co/guide/en/beats/filebeat/current/filebeat-getting-started.html
遇到问题: 配置怎么修改都不生效 ,Loading and starting Inputs completed. Enabled inputs: 0 为啥是0?明明配置都是官网拷下来的只是修改了具体的日志路径。最后我靠 配置在d盘下,filebeat在c盘下俩份混了。
遇到问题2:官网的注册成服务命令会报错。.\install-service-filebeat.ps1 : File C:\Program Files\Filebeat\install-service-filebeat.ps1 cannot be loaded because r
unning scripts is disabled on this system. For more information, see about_Execution_Policies at https:/go.microsoft.co
m/fwlink/?LinkID=135170. 先没有解决直接 .\filebeat.exe -e -c .\filebeat.yml命令启动。

附件
es docker 配置 文件

version: '3.3'
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.5.1
    container_name: es01
    environment:
      - node.name=es01
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es02,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - data01:/usr/share/elasticsearch/data
    ports:
      - 9200:9200
    networks:
      - elastic
  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.5.1
    container_name: es02
    environment:
      - node.name=es02
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es03
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - data02:/usr/share/elasticsearch/data
    networks:
      - elastic
  es03:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.5.1
    container_name: es03
    environment:
      - node.name=es03
      - cluster.name=es-docker-cluster
      - discovery.seed_hosts=es01,es02
      - cluster.initial_master_nodes=es01,es02,es03
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - data03:/usr/share/elasticsearch/data
    networks:
      - elastic

volumes:
  data01:
    driver: local
  data02:
    driver: local
  data03:
    driver: local

networks:
  elastic:
    driver: bridge

kibana docker配置文件

version: '3.3'
services:
  kibana:
    image: docker.elastic.co/kibana/kibana:7.5.1
    environment:
      # SERVER_NAME: kibana
      ELASTICSEARCH_HOSTS: http://es01:9200
      I18N_LOCALE: zh-CN
    ports:
    - 5601:5601
    networks:
      - elastic
networks:
  elastic:
    driver: bridge

filebeat win10 配置文件( 删除掉大部分官网注释后)


filebeat.inputs:

- type: log

  enabled: true

  # Paths that should be crawled and fetched. Glob based paths.
  paths:
    # - /var/log/*.log
    - D:\logs\swagger_study\swaggerStudy.log
    #- c:\programdata\elasticsearch\logs\*

 
filebeat.config.modules:
  # Glob pattern for configuration loading
  path: ${path.config}/modules.d/*.yml

  # Set to true to enable config reloading
  reload.enabled: false

  # Period on which files under path should be checked for changes
  #reload.period: 10s

#==================== Elasticsearch template setting ==========================

setup.template.settings:
  index.number_of_shards: 1
  #index.codec: best_compression
  #_source.enabled: false


  host: "localhost:5601"

 
output.elasticsearch:
  # Array of hosts to connect to.
  hosts: ["localhost:9200"]

  
processors:
  - add_host_metadata: ~
  - add_cloud_metadata: ~
  - add_docker_metadata: ~
  - add_kubernetes_metadata: ~



相关:

es 单机版 需要增加环境变量 discovery.type=single-node

参考:https://stackoverflow.com/questions/60182669/elastic-search-error-native-controller-process-has-stopped-no-new-native-pro

版权声明:本文内容由互联网用户自发贡献,该文观点仅代表作者本人。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。如发现本站有涉嫌侵权/违法违规的内容, 请发送邮件至 举报,一经查实,本站将立刻删除。

文章由半码博客整理,本文链接:https://www.bmabk.com/index.php/post/76478.html

(0)

相关推荐

半码博客——专业性很强的中文编程技术网站,欢迎收藏到浏览器,订阅我们!