Setting up EFK (elasticsearch, filebeat, kibana) with docker swarm
Published: 2025-02-03 Author: 千家信息网 editor
千家信息网, last updated 2025-02-03
Installing elasticsearch
elasticsearch.yml (see the official documentation: https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html)
```yaml
version: '3'
services:
  elasticsearch:
    image: elasticsearch:7.4.2
    restart: always
    ulimits:
      memlock:
        soft: -1
        hard: -1
    ports:
      # Publishes the Elasticsearch HTTP API on the host
      - 9200:9200
    networks:
      - logging
    volumes:
      # Named volume for the Elasticsearch data directory
      - esdata1:/usr/share/elasticsearch/data
      # Custom node configuration (shown further down)
      - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
    environment:
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
volumes:
  esdata1:
    driver: local
networks:
  logging:
    external:
      name: logging
```
The new version ran into two problems during installation:
1. the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured
You need to create a new elasticsearch.yml file (https://github.com/elastic/elasticsearch/blob/master/distribution/src/config/elasticsearch.yml)
Set node.name and cluster.initial_master_nodes to the same value:
```yaml
# ======================== Elasticsearch Configuration =========================
#
# NOTE: Elasticsearch comes with reasonable defaults for most settings.
#       Before you set out to tweak and tune the configuration, make sure you
#       understand what are you trying to accomplish and the consequences.
#
# The primary way of configuring a node is via this file. This template lists
# the most important settings you may want to configure for a production cluster.
#
# Please consult the documentation for further information on configuration options:
# https://www.elastic.co/guide/en/elasticsearch/reference/index.html
#
# ---------------------------------- Cluster -----------------------------------
#
# Use a descriptive name for your cluster:
#
cluster.name: es-cluster
#
# ------------------------------------ Node ------------------------------------
#
# Use a descriptive name for the node:
#
node.name: "es-master"
#
# Add custom attributes to the node:
#
#node.attr.rack: r1
#
# ----------------------------------- Paths ------------------------------------
#
# Path to directory where to store the data (separate multiple locations by comma):
#
#${path.data}
#
# Path to log files:
#
#${path.logs}
#
# ----------------------------------- Memory -----------------------------------
#
# Lock the memory on startup:
#
#bootstrap.memory_lock: true
#
# Make sure that the heap size is set to about half the memory available
# on the system and that the owner of the process is allowed to use this
# limit.
#
# Elasticsearch performs poorly when the system is swapping the memory.
#
# ---------------------------------- Network -----------------------------------
#
# Set the bind address to a specific IP (IPv4 or IPv6):
#
network.host: 0.0.0.0
#
# Set a custom port for HTTP:
#
#http.port: 9200
#
# For more information, consult the network module documentation.
#
# --------------------------------- Discovery ----------------------------------
#
# Pass an initial list of hosts to perform discovery when this node is started:
# The default list of hosts is ["127.0.0.1", "[::1]"]
#
discovery.seed_hosts: ["127.0.0.1", "[::1]"]
#
# Bootstrap the cluster using an initial set of master-eligible nodes:
#
cluster.initial_master_nodes: ["es-master"]
#
# For more information, consult the discovery and cluster formation module documentation.
#
# ---------------------------------- Gateway -----------------------------------
#
# Block initial recovery after a full cluster restart until N nodes are started:
#
#gateway.recover_after_nodes: 3
#
# For more information, consult the gateway module documentation.
#
# ---------------------------------- Various -----------------------------------
#
# Require explicit names when deleting indices:
#
#action.destructive_requires_name: true
# CORS is enabled and the origin pattern /.*/ matches every origin
http.cors.enabled: true
http.cors.allow-origin: /.*/
```
2. max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]
On the host, edit /etc/sysctl.conf and add vm.max_map_count=262144
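A check worth running on the elasticsearch.yml above before the stack is reachable from anything other than a test network, as an added example that is not part of the original article. It parses the file's flat `key: value` settings and reports the combination this page ends up with: a non-loopback `network.host` without `xpack.security.enabled: true` (security is off by default in 7.4.2) and a CORS origin pattern that matches every origin, while the compose file publishes port 9200. The function names and the sample text are constructed for illustration.

```python
# Constructed sample: the active (uncommented) settings from the
# elasticsearch.yml shown above, plus one commented line.
SAMPLE = """\
cluster.name: es-cluster
node.name: "es-master"
#bootstrap.memory_lock: true
network.host: 0.0.0.0
discovery.seed_hosts: ["127.0.0.1", "[::1]"]
cluster.initial_master_nodes: ["es-master"]
http.cors.enabled: true
http.cors.allow-origin: /.*/
"""

LOOPBACK = {"127.0.0.1", "::1", "localhost", "_local_"}
WILDCARD_ORIGINS = {"*", "/.*/", "/.+/"}


def parse_flat_settings(text):
    """Parse flat 'dotted.key: value' lines; skip comments and blanks."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, sep, value = line.partition(":")
        if sep:
            settings[key.strip()] = value.strip().strip("\"'")
    return settings


def audit_es_config(text):
    """Return a list of findings for exposure-related settings."""
    s = parse_flat_settings(text)
    findings = []
    host = s.get("network.host", "_local_")  # unset means loopback only
    secured = s.get("xpack.security.enabled", "false").lower() == "true"
    if host not in LOOPBACK and not secured:
        findings.append(f"network.host={host} without xpack.security.enabled: true")
    if s.get("http.cors.enabled", "false").lower() == "true":
        origin = s.get("http.cors.allow-origin", "")
        if origin in WILDCARD_ORIGINS:
            findings.append(f"http.cors.allow-origin={origin} accepts any origin")
    return findings


if __name__ == "__main__":
    for finding in audit_es_config(SAMPLE):
        print("WARN:", finding)
```

The parser only handles the flat dotted keys used in this file, not nested YAML or trailing inline comments.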
filebeat
Compared with fluentd, filebeat is less invasive to the code: existing Java projects need no changes, and its memory footprint is small.
docker-compose.yml
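```yaml
version: '3'
services:
  filebeat:
    image: elastic/filebeat:7.4.2
    container_name: filebeat
    # The Docker log files on the host are owned by root
    user: root
    volumes:
      - ./filebeat.yml:/usr/share/filebeat/filebeat.yml
      # Read-only mount of the host's container logs, so the path in
      # filebeat.yml exists inside the container
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
    restart: always
    networks:
      - logging
    deploy:
      replicas: 1
networks:
  logging:
    external:
      name: logging
```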
filebeat.yml
```yaml
filebeat.inputs:
- type: log
  paths:
    - /var/lib/docker/containers/*/*.log
output.elasticsearch:
  hosts: ["elasticsearch:9200"]
```
kibana
kibana needs no elaborate configuration; just set ELASTICSEARCH_HOSTS.
The docker-compose.yml is as follows:
```yaml
version: '3'
services:
  kibana:
    image: kibana:7.4.2
    ports:
      - 5601:5601
    networks:
      - logging
    environment:
      ELASTICSEARCH_HOSTS: http://elasticsearch:9200
networks:
  logging:
    external:
      name: logging
```