ELK运维之路(Logstash7Kibana接入ES集群-7.17.24)
书接前文,本章介绍Logstash和Kibana组件的部署,测试环境哦别干生产,如有帮助到您请给个免费的赞呗!
1.Logstash
1.1 Docker-compose 配置片段
root@ubuntu2204test99:~/elkf# vi docker-compose.ymllogstash:image: logstash:7.17.24container_name: logstash-7.17.24restart: alwaysenvironment:- "LS_JAVA_OPTS=-Xms512m -Xmx512m"ports:- 5044:5044- 9600:9600volumes:- /root/elkf/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml- /root/elkf/logstash/data:/usr/share/logstash/data- /root/elkf/logstash/pipeline:/usr/share/logstash/pipelinenetworks:elk_net:ipv4_address: 192.168.177.104depends_on:- es-node-1- es-node-2- es-node-31.2 Logstash 配置片段
1.2.1 logstash配置
root@ubuntu2204test99:~/elkf# vi logstash/config/logstash.yml
http.host: "0.0.0.0"
# 启用定时重新加载配置
config.reload.automatic: true
# 定时重新加载配置周期
config.reload.interval: 3s# 持久队列
queue.type: persisted
# 控制耐久性
queue.checkpoint.writes: 1
# 死信队列
dead_letter_queue.enable: true# 启用Logstash节点监控
xpack.monitoring.enabled: true
# Elasticsearch账号和密码
xpack.monitoring.elasticsearch.username: "elastic"
xpack.monitoring.elasticsearch.password: "123456"
# Elasticsearch节点地址列表(物理机内网IP,或者127.0.0.1)
xpack.monitoring.elasticsearch.hosts: ["es-node-1:9200", "es-node-2:9200", "es-node-3:9200"]
# 发现Elasticsearch集群的其他节点(端口包含除9200外的其它端口时需关闭)
# xpack.monitoring.elasticsearch.sniffing: true
# 发送监控数据的频率
xpack.monitoring.collection.interval: 10s
# 启用监控管道信息
xpack.monitoring.collection.pipeline.details.enabled: true
xpack.management.enabled: false
1.2.2 logstash 采集示例(可以不写)
root@ubuntu2204test99:~/elkf# vi logstash/pipeline/logstash.conf
input {beats {port => 5044}
}output {stdout {codec => rubydebug}
}2.Kibana
2.1 Docker-compose配置片段
root@ubuntu2204test99:~/elkf# vi docker-compose.yml# 可视化工具kibana:image: kibana:7.17.24container_name: kibanaports:- 5601:5601volumes:- /etc/localtime:/etc/localtime- /root/elkf/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml- /root/elkf/kibana/config/node.options:/usr/share/kibana/config/node.optionsnetworks:elk_net:ipv4_address: 192.168.177.103depends_on:- es-node-1- es-node-2- es-node-32.2 Kibana 配置片段
2.2.1 Kibana配置文件
root@ubuntu2204test99:~/elkf# vi kibana/config/kibana.yml
# 这里地址改为你访问kibana的地址,不能以 / 结尾
server.publicBaseUrl: "http://192.168.1.99:5601"
#设置Kibana映射端口
server.port: 5601
#设置网关地址
server.host: "0.0.0.0"
#设置Kibana实例对外展示的名称
server.name: "kibana"
#设置ES集群地址
elasticsearch.hosts: ["http://es-node-1:9200","http://es-node-2:9200","http://es-node-3:9200"]
#设置请求超时时长
elasticsearch.requestTimeout: 120000
#设置页面语言
i18n.locale: "zh-CN"
# 解释链接https://blog.csdn.net/u011311291/article/details/100041912
xpack.monitoring.ui.container.elasticsearch.enabled: true
# ES账号密码
elasticsearch.username: "kibana_system"
elasticsearch.password: "123456"
#配置本地索引
kibana.index: ".kibana"2.2.2 Kibana节点配置
root@ubuntu2204test99:~/elkf# vi kibana/config/node.options
## Node command line options
## See `node --help` and `node --v8-options` for available options
## Please note you should specify one option per line## max size of old space in megabytes
#--max-old-space-size=4096## do not terminate process on unhandled promise rejection--unhandled-rejections=warn## restore < Node 16 default DNS lookup behavior
--dns-result-order=ipv4first## enable OpenSSL 3 legacy provider
#--openssl-legacy-provider3.查看服务启动是否正常
看Kibana是否能够正常登录
image-20251009165151504
查看logstash是否运行有异常
image-20251009171251217