docker收集日志到es并展示

发布时间 2023-11-01 15:42:58作者: 苍茫宇宙
1、安装es
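注意:以下设置写入 elasticsearch.yml,会关闭权限认证并允许任意来源跨域,只适合隔离的测试环境;可被其他网络访问的环境应保持 xpack.security.enabled: true,并把 http.cors.allow-origin 限定为实际使用的前端地址。
      关闭权限认证
       xpack.security.enabled: false
      允许跨域
       http.cors.enabled: true
       http.cors.allow-origin: "*"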
https://blog.csdn.net/qq_40739917/article/details/131654563
# Start a single-node Elasticsearch 8.8.1 container; -p publishes 9200 (HTTP API)
# and 9300 (transport) on every host interface.
# NOTE(review): once xpack.security.enabled is false, anything that can reach
# port 9200 can read, write and delete indices without credentials; restrict the
# published address or firewall the port to the hosts that ship and query logs.
docker run --name elasticsearch -p 9200:9200 -p 9300:9300 -e "discovery.type=single-node" -d elasticsearch:8.8.1
# Open a shell inside the container to inspect the configuration directory.
docker exec -it elasticsearch bash
cd /usr/share/elasticsearch/config
# Copy the edited elasticsearch.yml from the current directory into the container.
# NOTE(review): presumably run on the host after leaving the container shell, and
# followed by a container restart so the new settings are loaded -- confirm.
docker cp elasticsearch.yml elasticsearch:/usr/share/elasticsearch/config/
2、自己手动打包filebeat
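# Download the Filebeat 8.10.3 tarball together with its published SHA-512 file
# and stop if the archive does not match it. The checksum is served by the same
# host as the tarball, so this catches a corrupted or truncated download; it is
# not a substitute for signature verification.
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.10.3-linux-x86_64.tar.gz
wget https://artifacts.elastic.co/downloads/beats/filebeat/filebeat-8.10.3-linux-x86_64.tar.gz.sha512
sha512sum -c filebeat-8.10.3-linux-x86_64.tar.gz.sha512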
#修改配置文件
[root@localhost filebeat]# cat filebeat.yml
# Filebeat configuration: read Docker's per-container JSON log files and ship
# the events to Elasticsearch.
filebeat.config:
  modules:
    # Load module definitions from modules.d; they are not re-read at runtime.
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

processors:
- add_cloud_metadata: ~
# NOTE(review): add_docker_metadata looks containers up through the Docker
# daemon socket; the docker run command on this page mounts only
# /var/lib/docker/containers, so the enrichment presumably finds nothing --
# confirm. Mounting the socket hands the container control of the Docker
# daemon, so weigh that before adding it.
- add_docker_metadata: ~

filebeat.inputs:
- type: log
  enabled: true
  paths:
   # Matches the log file of every container on the host, so whatever any
   # application prints (tokens and passwords included) ends up in the index.
   - /var/lib/docker/containers/*/*-json.log

output.elasticsearch:
  allow_older_versions: true  # allow shipping to an Elasticsearch older than this Filebeat (8.10.3 -> 8.8.1 here)
  # No scheme, username, password or api_key is set: events travel over plain
  # HTTP without authentication, which only works because security is disabled
  # on the Elasticsearch node.
  hosts: '100.98.100.186:9200'
  
#创建dockerfile
[root@localhost filebeat]# cat dockerfile 
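# Image that runs the locally unpacked Filebeat directory from the build context.
# NOTE(review): no tag means centos:latest, and the official centos image is
# end-of-life and no longer receives security updates -- move to a maintained
# base image pinned by tag or digest.
FROM centos
# MAINTAINER is deprecated; the same information is carried as a label.
LABEL maintainer="wukc"
# Container timezone: Asia/Shanghai (the localtime file comes from the build context).
# COPY is used for plain local files; ADD's archive/URL handling is not needed.
COPY localtime /etc/localtime
RUN echo 'Asia/Shanghai' > /etc/timezone
COPY filebeat /filebeat
WORKDIR /filebeat
# No EXPOSE: the Filebeat configuration shown on this page defines only inputs
# and an Elasticsearch output, so the container offers no listening service.
# NOTE(review): the process runs as root, which reading
# /var/lib/docker/containers normally requires; keep the mount read-only.
CMD ["/filebeat/filebeat"]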
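# Build the image from the dockerfile in the current directory.
docker build -t filebeat:8.10.3 .
# Run the shipper. The host's container log directory is mounted read-only:
# Filebeat only reads these files, and a root process in the container should
# not be able to modify or delete other containers' logs.
docker run -d --name=filebeat --restart=always -v /var/lib/docker/containers/:/var/lib/docker/containers/:ro filebeat:8.10.3
# Debugging: start a throwaway container with an interactive shell instead of Filebeat.
docker run -it --rm filebeat:8.10.3 bash
# Back up the image to a registry. It was built as filebeat:8.10.3, so it has to
# be tagged with the repository name before the push can find it.
# NOTE(review): the image presumably embeds filebeat.yml, including the
# Elasticsearch address; push it to a private repository or keep the
# configuration out of the image and mount it at run time.
docker tag filebeat:8.10.3 wukc/filebeat:8.10.3
docker push wukc/filebeat:8.10.3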
3、#查询索引内容
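# Return the documents of the Filebeat data stream's backing index.
# The request carries no credentials and uses plain HTTP; it succeeds only
# because security is disabled on the Elasticsearch node, and the same is true
# for any other client that can reach port 9200.
# The JSON body and the shell quote are closed here; the original listing
# ended before the final brace and quote.
curl -XGET http://100.98.100.186:9200/.ds-filebeat-8.10.3-2023.10.31-000001/_search -H 'Content-Type: application/json' -d '
{
  "query": {
    "match_all": {}
  }
}'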
4、安装es的dashboard
# Start the elastic_view dashboard and publish it on host port 8090 (all interfaces).
# NOTE(review): :latest from a third-party repository is not reproducible and can
# change under you; pin a version tag or digest after reviewing the image, and
# limit who can reach port 8090, since the dashboard fronts an unauthenticated
# Elasticsearch.
docker run --restart=unless-stopped -d -p 8090:8090 kecikeci/elastic_view:latest
访问 http://100.98.100.186:8090 ,默认账号/密码为 admin/admin(登录后应修改默认密码,且不要把该端口暴露给不可信网络)
5、结果展示