Example of using Docker to build an ELK log system

The following installations all use the ~/ directory as the installation root directory.

ElasticSearch

Download image:

$ sudo docker pull elasticsearch:5.5.0

Run the ElasticSearch container:

$ sudo docker run -it -d -p 9200:9200 -p 9300:9300 \
-v ~/elasticsearch/data:/usr/share/elasticsearch/data \
--name myes elasticsearch:5.5.0

Please note that if you use version 6 or above, JDK errors will occur. Check the logs.

$ docker logs -f myes

View the logs:

OpenJDK 64-Bit Server VM warning: Option UseConcMarkSweepGC was deprecated in version 9.0 and will likely be removed in a future release.

The approximate meaning found on the Internet is:

jdk9 is not very friendly to elasticSearch (the version is too new), and JDK8 must be used. I use JDK8u152 (jdk-8u152-windows-x64.exe). If you use JDK9 and elasticSearch-rtf (v5.1.1), the following error will occur. Please pay special attention that the elasticSearch6.0 version must use JDK9, otherwise the msi downloaded from the official website cannot be installed successfully. The reason has not been carefully checked.

So this is also a very annoying problem, so I just installed the v5.5.0 stable version directly.

Logstash

Download image:

$ sudo docker pull logstash:5.5.0

Create a new configuration file:

$ mkdir ~/logstash/conf.d && cd logstash/conf.d
$ vim logstash.conf

logstash.conf:

input {

 beats {
  port => 5044 # This port needs to be the same as the port in filebeat.yml}

 file {
  path => "/data/logs"
  # start_position => "beginning"
 }
}

filter {
 #grok {
 # match => { "message" => "%{COMBINEDAPACHELOG}" }
 #}
 #date {
 # match => ["timestamp", "dd/MMM/yyyy:HH:mm:ss Z"]
 #}

 grok {

  patterns_dir => "/etc/logstash/conf.d/patterns"
  match => {"message" => "%{TIMESTAMP_ISO8601:time}\S%{MYSELF:msgid}%{MYSELF:method}%{MYDATA:data}%{MYSELF:UserInfo}\S%{LOGLEVEL:level}\S%{MYSELF:thread}%{MYSELF:application}%{MYSELF:ip}"}
}
date {
   #match => [ "time", "YYYY-MM-dd HH:mm:ss,SSS" ]
   match => [ "time", "ISO8601" ]
   target => "@timestamp"
   timezone => "Asia/Phnom_Penh"
 }

}

output {

 stdout {
  codec => rubydebug
 }

 elasticsearch
  action => "index"
  hosts => ["172.17.10.114:9200"]
  index => "%{[fields][indexname]}-%{+YYYY.MM.dd}"
 }
}

Run the Logstash container:

$ sudo docker run -it -d -p 5044:5044 \
-v ~/logstash/conf.d:/etc/logstash/conf.d \
-v ~/logstash/data/logs:/data/logs \
--name logstash logstash:5.5.0 \
-f /etc/logstash/conf.d/logstash.conf

Kibana

Download image:

$ sudo docker pull kibana:5.5.0

Create a new configuration file:

$ mkdir ~/kibana && cd ~/kibana
$ vim kibana.yml

kibana.yml:

server.port: 5601
server.host: "0.0.0.0"
elasticsearch.url: "http://172.17.10.114:9200"

Run the Kibana container:

$ sudo docker run -it -d -p 5601:5601 \
-v ~/kibana:/etc/kibana \
--name kibana kibana:5.5.0

Filebeat

Filebeat needs to be deployed on the server where logs need to be collected.

Download image:

$ sudo docker pull docker.elastic.co/beats/filebeat:5.5.0

Create a new configuration file:

filebeat.prospectors:
- type: log
  paths:
   - ~/filebeat/logs #Specify the path of the log files to be collected fields:
  indexname: xxx # Fill in the project name here, corresponding to index => "%{[fields][indexname]}-%{+YYYY.MM.dd}"
output.logstash:
 hosts: ["172.17.10.114:5044"]

Run the Filebeat container:

$ sudo docker run -it -d \
-v ~/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml \
--name filebeat docker.elastic.co/beats/filebeat:5.5.0

Attached is a ELK structure flow chart:

The above is the full content of this article. I hope it will be helpful for everyone’s study. I also hope that everyone will support 123WORDPRESS.COM.

You may also be interested in:

Sample code for deploying ELK using Docker-compose
How to quickly build ELK based on Docker
A brief summary of the practice of connecting Node framework to ELK
In-depth analysis of the ELK principle and introduction

<<: Mysql 5.6.37 winx64 installation dual version mysql notes

>>: Detailed explanation of DOM DIFF algorithm in react application

How to make form input and other text boxes read-only and non-editable in HTML

Example of using Docker to build an ELK log system

How to make form input and other text boxes read-only and non-editable in HTML

jQuery plugin to achieve code rain effect

Example of how rem is adapted for mobile devices

Implementing a simple web clock with JavaScript

Detailed explanation of mysql exists and not exists examples

Pure CSS3 mind map style example

Blog Design Web Design Debut

Windows Server 2016 Remote Desktop Services Configuration and License Activation (2 Users)

Detailed explanation of 7 SSH command usages in Linux that you don’t know

win10 docker-toolsbox tutorial on building a php development environment

Recommend

Let's talk in detail about whether setState in React is a macro task or a micro task

Use of nginx custom variables and built-in predefined variables

How to customize an EventEmitter in node.js

How to view and set the mysql time zone

How to write memory-efficient applications with Node.js

7 skills that great graphic designers need to master

Sample code for implementing honeycomb/hexagonal atlas with CSS

Solve the problem that the default value of CSS3 transition-delay attribute is 0 without unit and it is invalid

Detailed explanation of how to find the location of the nginx configuration file

Detailed tutorial on installing MySQL 8.0.19 in zip version on win10

Use of MySQL DATE_FORMAT function

How to configure domestic sources in CentOS8 yum/dnf

Implementation of remote Linux development using vscode

How to use nginx to configure access to wgcloud

How to Set Shortcut Icons in Linux