efk docker

filebeat yml 配置
详细分离配置
logstash

### es
filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /home/logs/*.log
  multiline.pattern: '^d{4}-d{1,2}-d{1,2}'
  multiline.negate: true
  multiline.match: after
  multiline.max_lines: 500
  multiline.timeout: 5s
output.elasticsearch:
  enabled: true
  hosts: ["10.42.13.228:9200"]
  index: "k8s-log-%{+yyyy.MM.dd}"
setup.ilm.enabled: false
setup.template.name: "k8s-log"
setup.template.pattern: "k8s-log-*"


##redis

filebeat.inputs:
- type: log
  enabled: true
  paths:
    - /home/logs/*.log
  multiline.pattern: '^d{4}-d{1,2}-d{1,2}'
  multiline.negate: true
  multiline.match: after
  multiline.max_lines: 500
  multiline.timeout: 5s
output.redis:
  enabled: true
  hosts: ["10.43.34.235:6379"]
  key: "filebeat"
#  db: 1 #使用第几个库
#  timeout: 5 #超时时间
#  password: 123321 #redis 密码

es 配置
docker 配置路径 /usr/share/elasticsearch/config下

elasticsearch.yml
cluster.name: "docker-cluster"
network.host: 0.0.0.0

#启动docker添加环境变量
ES_JAVA_OPTS="-Xms512m -Xmx512m" -e "discovery.type=single-node"

##跨域配置 

cluster.name: "docker-cluster"
network.host: 0.0.0.0
http.cors.enabled: true
http.cors.allow-origin: "*"

prometheus.yml 抓取k8s内部pod

global:
  scrape_interval: 5s
  evaluation_interval: 15s
scrape_configs:
  - job_name: "spring-pods"
    tls_config:
      ca_file: /var/run/secrets/kubernetes.io/serviceaccount/ca.crt
    bearer_token_file: /var/run/secrets/kubernetes.io/serviceaccount/token
    kubernetes_sd_configs:
    - role: endpoints
    relabel_configs:
    - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_scrape, __meta_kubernetes_service_annotation_prometheus_io_jvm_scrape]
      regex: true;true
      action: keep
    - source_labels: [__meta_kubernetes_service_annotation_prometheus_io_app_metrics_patn]
      action: replace
      target_label: __metrics_path__
      regex: (.+)
    - source_labels: [__meta_kubernetes_pod_ip, __meta_kubernetes_service_annotation_prometheus_io_app_metrics_port]
      action: replace
      target_label: __address__
      regex: (.+);(.+)
    - source_labels: [__meta_kubernetes_namespace]
      action: replace
      target_label: kubernetes_namespace
    - source_labels: [__meta_kubernetes_pod_name]
      action: replace
      target_label: kubernetes_pod_name
    - action: labelmap
      regex: __meta_kubernetes_pod_label_(.+)
    - source_labels: [__meta_kubernetes_pod_host_ip]
      action: replace
      target_label: kubernetes_host_ip

logstash

https://www.elastic.co/guide/en/logstash/7.1/index.html

/usr/share/logstash/config/logstash.yml

http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]
xpack.monitoring.enabled: false
##xpack.monitoring.elasticsearch.username: "logstash_system"
##xpack.monitoring.elasticsearch.password: "elastic"



redis 到 es配置
入口命令  /usr/share/logstash/bin/logstash -f /home/config/redis-es.conf

input {
    redis {
        data_type => "list"
        host => "10.43.34.235"
        db => "0"
        port => "6379"
        key => "filebeat"
        codec => "json"
    }
}
output {
    elasticsearch {
        hosts => ["10.43.47.53:9200"]
        index => "k8s-%{+YYYY.MM.dd}"
    }
}