| IP | 分类 |
|---|---|
| 192.168.20.51 | elasticsearch1 & kibana |
| 192.168.20.52 | elasticsearch2 |
| 192.168.20.53 | elasticsearch3 |
在最后添加一行
sudo vim /etc/sysctl.conf
vm.max_map_count=655360
执行并生效
sudo sysctl -p
sudo sysctl -a | grep max_map_count

2. 配置ELK

2.1 192.168.20.51的配置
编辑elasticsearch.yml文件
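# elasticsearch.yml for node1 (192.168.20.51) of the three-node es-cluster.
cluster.name: es-cluster
node.name: node1
# Master-eligible node that also holds data.
node.master: true
node.data: true
# Lock the JVM heap in RAM; relies on the unlimited memlock ulimit set in
# docker-compose.yml.
bootstrap.memory_lock: true
# Bind HTTP and transport to this node's LAN address only.
network.host: 192.168.20.51
http.port: 9200
# The other two nodes, contacted during discovery.
discovery.seed_hosts: ["192.168.20.52", "192.168.20.53"]
# Used only when the cluster forms for the first time; entries must match
# each node's node.name.
cluster.initial_master_nodes: ["node1", "node2", "node3"]
# NOTE(review): no xpack.security settings are present, and 7.x with the
# default (basic) license leaves security off, so ports 9200 and 9300 accept
# unauthenticated, unencrypted connections from any host that can reach them.
# Keep this on an isolated network, or set xpack.security.enabled: true
# together with xpack.security.transport.ssl.enabled: true (node certificates
# required) and set passwords for the built-in users before storing real data.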
编辑kibana.yml文件
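# kibana.yml for the Kibana instance on 192.168.20.51.
# Listen on the LAN address so browsers on the network can reach port 5601.
server.host: "192.168.20.51"
# The three nodes of es-cluster that Kibana sends its queries to.
elasticsearch.hosts:
  - "http://192.168.20.51:9200"
  - "http://192.168.20.52:9200"
  - "http://192.168.20.53:9200"
i18n.locale: "zh-CN"
# NOTE(review): Kibana talks to Elasticsearch over plain HTTP without
# credentials, which matches a cluster that has security disabled. In that
# state Kibana shows no login page, so anyone who can reach port 5601 can read
# and change indices through it. Once xpack.security is enabled on the cluster,
# set elasticsearch.username / elasticsearch.password here and switch the URLs
# to https.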
编辑docker-compose.yml启动
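# docker-compose.yml for 192.168.20.51: Elasticsearch node es01 plus Kibana.
# Both services share the host's network stack, so Elasticsearch (9200/9300)
# and Kibana (5601) listen directly on the host's interfaces. Docker discards
# `ports:` mappings in host mode, so none are declared; limit who can reach
# these ports with the host firewall.
version: '2.2'
services:
  es01:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.15.2
    container_name: es01
    hostname: elastic
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    # Unlimited memlock is what lets bootstrap.memory_lock: true succeed.
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /data/es_data:/usr/share/elasticsearch/data
      - /data/es_logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    network_mode: "host"
  kibana:
    image: docker.elastic.co/kibana/kibana:7.15.2
    container_name: kibana
    hostname: kibana
    restart: always
    volumes:
      - ./kibana.yml:/usr/share/kibana/config/kibana.yml
    network_mode: "host"
    # Start order only; this does not wait for Elasticsearch to be ready.
    depends_on:
      - es01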
注意:映射目录要创建,权限修改
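# Create the bind-mounted data and log directories, then hand them to the
# user the official Elasticsearch image runs as (uid 1000, gid 0) so the node
# can write to them without making the directories world-writable.
mkdir -p /data/es_data /data/es_logs
chown -R 1000:0 /data/es_data /data/es_logs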
启动
docker-compose up

2.2 192.168.20.52的配置
编辑elasticsearch.yml
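# elasticsearch.yml for node2 (192.168.20.52) of the three-node es-cluster.
cluster.name: es-cluster
node.name: node2
# Master-eligible node that also holds data.
node.master: true
node.data: true
# Lock the JVM heap in RAM; relies on the unlimited memlock ulimit set in
# docker-compose.yml.
bootstrap.memory_lock: true
# Bind to this node's LAN address, as node1 does, instead of every interface
# (0.0.0.0); with host networking 0.0.0.0 exposes 9200/9300 on all of the
# host's addresses.
network.host: 192.168.20.52
http.port: 9200
# The other two nodes, contacted during discovery.
discovery.seed_hosts: ["192.168.20.51", "192.168.20.53"]
# Used only when the cluster forms for the first time; entries must match
# each node's node.name.
cluster.initial_master_nodes: ["node1", "node2", "node3"]
# NOTE(review): no xpack.security settings are present, and 7.x with the
# default (basic) license leaves security off, so ports 9200 and 9300 accept
# unauthenticated, unencrypted connections from any host that can reach them.
# Keep this on an isolated network, or enable xpack.security with transport
# TLS and built-in user passwords before storing real data.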
编辑docker-compose.yml
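# docker-compose.yml for 192.168.20.52: Elasticsearch node es02.
# The service shares the host's network stack, so ports 9200 and 9300 are
# bound directly on the host. Docker discards `ports:` mappings in host mode,
# so none are declared; limit who can reach these ports with the host firewall.
version: '2.2'
services:
  es02:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.15.2
    container_name: es02
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    # Unlimited memlock is what lets bootstrap.memory_lock: true succeed.
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /data/es_data:/usr/share/elasticsearch/data
      - /data/es_logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    network_mode: "host"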
注意:映射目录要创建,权限修改
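# Create the bind-mounted data and log directories, then hand them to the
# user the official Elasticsearch image runs as (uid 1000, gid 0) so the node
# can write to them without making the directories world-writable.
mkdir -p /data/es_data /data/es_logs
chown -R 1000:0 /data/es_data /data/es_logs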
启动
docker-compose up

2.3 192.168.20.53的配置
编辑elasticsearch.yml
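# elasticsearch.yml for node3 (192.168.20.53) of the three-node es-cluster.
cluster.name: es-cluster
node.name: node3
# Master-eligible node that also holds data.
node.master: true
node.data: true
# Lock the JVM heap in RAM; relies on the unlimited memlock ulimit set in
# docker-compose.yml.
bootstrap.memory_lock: true
# Bind to this node's LAN address, as node1 does, instead of every interface
# (0.0.0.0); with host networking 0.0.0.0 exposes 9200/9300 on all of the
# host's addresses.
network.host: 192.168.20.53
http.port: 9200
# The other two nodes, contacted during discovery.
discovery.seed_hosts: ["192.168.20.51", "192.168.20.52"]
# Used only when the cluster forms for the first time; entries must match
# each node's node.name.
cluster.initial_master_nodes: ["node1", "node2", "node3"]
# NOTE(review): no xpack.security settings are present, and 7.x with the
# default (basic) license leaves security off, so ports 9200 and 9300 accept
# unauthenticated, unencrypted connections from any host that can reach them.
# Keep this on an isolated network, or enable xpack.security with transport
# TLS and built-in user passwords before storing real data.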
编辑docker-compose.yml
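# docker-compose.yml for 192.168.20.53: Elasticsearch node es03.
# The service key is es03 to match container_name (the original listing
# repeated es02 from the previous host).
# The service shares the host's network stack, so ports 9200 and 9300 are
# bound directly on the host. Docker discards `ports:` mappings in host mode,
# so none are declared; limit who can reach these ports with the host firewall.
version: '2.2'
services:
  es03:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.15.2
    container_name: es03
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    # Unlimited memlock is what lets bootstrap.memory_lock: true succeed.
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - /data/es_data:/usr/share/elasticsearch/data
      - /data/es_logs:/usr/share/elasticsearch/logs
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    network_mode: "host"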
注意:映射目录要创建,权限修改
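# Create the bind-mounted data and log directories, then hand them to the
# user the official Elasticsearch image runs as (uid 1000, gid 0) so the node
# can write to them without making the directories world-writable.
mkdir -p /data/es_data /data/es_logs
chown -R 1000:0 /data/es_data /data/es_logs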
启动
docker-compose up

2.4 查看
浏览器查看
192.168.20.51:9200
192.168.20.52:9200
192.168.20.53:9200
192.168.20.51:5601

3. 启动filebeat
编辑filebeat.docker.yml
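# filebeat.docker.yml: Filebeat configuration mounted into the container as
# /usr/share/filebeat/filebeat.yml.
filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

# Host syslog, visible inside the container under /log (bind mount of
# /var/log); lines matching 'sda' are dropped.
filebeat.inputs:
  - type: log
    paths:
      - /log/syslog
    exclude_lines: ['sda']

# Discover running containers through the Docker socket and configure inputs
# from hints.
filebeat.autodiscover:
  providers:
    - type: docker
      hints.enabled: true

setup.template.settings:
  index.number_of_shards: 3

processors:
  - add_cloud_metadata: ~
  # NOTE(review): target '' merges the decoded JSON into the root of the event
  # and overwrite_keys lets it replace fields that already exist. Log content
  # is written by the applications being monitored, so a crafted JSON line can
  # overwrite event fields; decode under a dedicated target field if the
  # events feed detections or audits.
  - decode_json_fields:
      fields: ['message']
      target: ''
      overwrite_keys: true

# Defaults are overridden at start-up by -E output.elasticsearch.hosts=...
# Username and password default to empty, which matches a cluster with
# security disabled; once authentication is enabled, pass them through the
# ELASTICSEARCH_USERNAME / ELASTICSEARCH_PASSWORD environment variables rather
# than writing them into this file.
output.elasticsearch:
  hosts: '${ELASTICSEARCH_HOSTS:elasticsearch:9200}'
  username: '${ELASTICSEARCH_USERNAME:}'
  password: '${ELASTICSEARCH_PASSWORD:}'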
filebeat脚本filebeat.sh
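#!/bin/bash
# Run Filebeat 7.15.2 as a detached container that reads the host's syslog and
# Docker container logs and ships them to the three Elasticsearch nodes.
#
# NOTE(review): the container runs as root with the Docker socket mounted.
# The :ro flag on the socket protects only the socket file; it does not limit
# what can be requested from the Docker API through it, so treat this
# container as having root-equivalent access to the host.
# -strict.perms=false turns off Filebeat's ownership/permission check on
# filebeat.yml, presumably needed because the bind-mounted file keeps its host
# ownership and mode.
# Events are sent over plain HTTP without credentials, matching a cluster
# that has security disabled.
#
# /var/log is mounted read-only because Filebeat only reads from it; its own
# state goes to the separate registry mount.
# The -E value is single-quoted so the shell passes the brackets and inner
# double quotes through unchanged instead of stripping or glob-expanding them.
docker run -d \
  --name=filebeat \
  -h filebeat \
  --user=root \
  -v /var/log/:/log/:ro \
  -v /data/filebeat_registry:/usr/share/filebeat/data/registry/ \
  --volume="$(pwd)/filebeat.docker.yml:/usr/share/filebeat/filebeat.yml:ro" \
  --volume="/var/lib/docker/containers:/var/lib/docker/containers:ro" \
  --volume="/var/run/docker.sock:/var/run/docker.sock:ro" \
  docker.elastic.co/beats/filebeat:7.15.2 \
  filebeat -e -strict.perms=false \
  -E 'output.elasticsearch.hosts=["192.168.20.51:9200","192.168.20.52:9200","192.168.20.53:9200"]'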
启动filebeat.sh
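# A script created in an editor is not executable by default; set the bit
# before running it.
chmod +x filebeat.sh
./filebeat.sh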



