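A couple of days ago I deployed ELK with Docker by starting the containers one at a time, but starting them one by one is a bit tedious, so I wrote a docker-compose.yml to bring everything up with a single command: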
```yaml
version: '2'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:6.4.0
    environment:
      # Single-node mode: skip cluster discovery
      - discovery.type=single-node
    volumes:
      - /etc/localtime:/etc/localtime
      - /data01/docker-es/data:/usr/share/elasticsearch/data
    # 9200/9300 are left unpublished; Logstash and Kibana reach
    # Elasticsearch over the compose network instead.
    # ports:
    #   - "9200:9200"
    #   - "9300:9300"
  logstash:
    image: docker.elastic.co/logstash/logstash:6.4.0
    volumes:
      - ./logstash.conf:/usr/share/logstash/pipeline/logstash.conf
    ports:
      # TCP input for JSON log events (see logstash.conf);
      # this form publishes the port on all host interfaces.
      - "4560:4560"
    links:
      - elasticsearch
  kibana:
    image: docker.elastic.co/kibana/kibana:6.4.0
    environment:
      - ELASTICSEARCH_URL=http://elasticsearch:9200
    volumes:
      - /etc/localtime:/etc/localtime
    ports:
      # Kibana web UI, also published on all host interfaces
      - "5601:5601"
    links:
      - elasticsearch
```
logstash.conf
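```
input {
  # Plain TCP listener that accepts JSON events from log shippers
  tcp {
    mode => "server"
    host => "0.0.0.0"
    port => 4560
    codec => json
  }
}

output {
  elasticsearch {
    hosts => ["http://elasticsearch:9200"]
    # Index name is built from the event's "service" field plus the event date
    index => "%{[service]}-%{+YYYY.MM.dd}"
  }
  # Also print every event to the container log for debugging
  stdout { codec => rubydebug }
}
```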
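The index name in logstash.conf is taken from the `service` field of whatever event arrives on port 4560, so a sender-side check keeps malformed names out of Elasticsearch. The following is an added example, not part of the original post; the function names and the sample event are hypothetical, and it assumes events are sent as one JSON object per line.

```python
import json
import re
from datetime import datetime, timezone

# Characters Elasticsearch rejects in index names, plus uppercase letters.
# ":" is included conservatively (newer Elasticsearch versions reject it).
_BAD = re.compile(r'[\\/*?"<>|\s,#:A-Z]')


def service_problem(event):
    """Return why event['service'] is unsafe in the index pattern, or None."""
    svc = event.get("service")
    if not isinstance(svc, str) or not svc:
        # Logstash leaves an unresolved %{[service]} in the name as literal text.
        return "missing or non-string 'service'"
    if _BAD.search(svc):
        return "uppercase or forbidden character"
    # "-", "_" and "+" are refused by Elasticsearch; refusing "." is an extra
    # policy here to keep senders out of the dot-prefixed names Kibana uses.
    if svc[0] in "-_+.":
        return "starts with -, _, + or ."
    if len(svc.encode()) > 200:  # leave room for the date suffix (limit: 255 bytes)
        return "too long"
    return None


def index_for(event, ts):
    """Index name that %{[service]}-%{+YYYY.MM.dd} yields; the date is in UTC."""
    day = ts.astimezone(timezone.utc).strftime("%Y.%m.%d")
    return "{}-{}".format(event["service"], day)


def to_wire(event):
    """Serialize one event as a newline-terminated JSON line, or raise."""
    problem = service_problem(event)
    if problem:
        raise ValueError(problem)
    return (json.dumps(event, separators=(",", ":")) + "\n").encode()


if __name__ == "__main__":
    sample = {"service": "order-api", "message": "started"}  # constructed event
    print(to_wire(sample), index_for(sample, datetime.now(timezone.utc)))
```

Because the date part is rendered in UTC, an event stamped early in the morning local time can land in the previous day's index.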