https://github.com/sillyhatxu/sillyhat-elk
- Host: GitHub
- URL: https://github.com/sillyhatxu/sillyhat-elk
- Owner: sillyhatxu
- Created: 2018-04-13T07:28:05.000Z (about 7 years ago)
- Default Branch: master
- Last Pushed: 2018-07-02T12:42:57.000Z (almost 7 years ago)
- Last Synced: 2025-01-31T07:45:49.433Z (4 months ago)
- Size: 393 KB
- Stars: 0
- Watchers: 1
- Forks: 0
- Open Issues: 0
Metadata Files:
- Readme: README.md
README
# docker-compose.yml explained
On Linux, run the following command first; otherwise Elasticsearch will not start:
```
sudo sysctl -w vm.max_map_count=262144
```
Start
```
docker stack deploy -c docker-compose.yml elk
```
Stop
```
docker stack rm elk
```
logspout
```
sudo docker run -d --name=logspout --volume=/var/run/docker.sock:/var/run/docker.sock gliderlabs/logspout tcp://172.28.2.25:5000
```
If you want to collect Docker information, the logs have to be sent as syslog:
```
sudo docker run -d --name=logspout --volume=/var/run/docker.sock:/var/run/docker.sock gliderlabs/logspout syslog+tcp://172.16.99.130:5000
```
In these commands, the following part is the Logstash ip:port:
```
tcp://172.28.2.25:5000
```
Mapping a local directory into the container
```
volumes:
- /home/xushikuan/elasticsearch/data:/usr/share/elasticsearch/data
```
Service start-up dependency
```
depends_on:
- elasticsearch
```
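docker-compose.yml configuration
```
version: '3.3'

networks:
  elk:

services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.1.3
    networks:
      - elk
    volumes:
      # Host directory that holds the index data
      - /home/xushikuan/elasticsearch/data:/usr/share/elasticsearch/data
    ports:
      # Published ports are reachable from outside the host; restrict them with a firewall
      - 9200:9200
      - 9300:9300
    environment:
      # Turns off X-Pack authentication: anyone who can reach port 9200 can read and write the indices
      - xpack.security.enabled=false
      - "ES_JAVA_OPTS=-Xmx1024m -Xms1024m"

  kibana:
    image: docker.elastic.co/kibana/kibana:6.1.3
    networks:
      - elk
    ports:
      - 5601:5601
    # Note: depends_on is ignored by `docker stack deploy` (swarm mode)
    depends_on:
      - elasticsearch

  logstash:
    image: docker.elastic.co/logstash/logstash:6.1.3
    networks:
      - elk
    ports:
      # Port that logspout sends to
      - 5000:5000
    environment:
      - DROP_NON_JSON=false
      - STDOUT=true
    volumes:
      # Pipeline definition mounted from the repository checkout
      - /home/xushikuan/sillyhat-elk/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf
    depends_on:
      - elasticsearch
```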