ELK 部署,并收集docker容器的日志信息
services:
elasticsearch:
image: elasticsearch:7.17.0
container_name: elasticsearch
environment:
- discovery.type=single-node
- ES_JAVA_OPTS=-Xms512m -Xmx512m
- TZ=Asia/Shanghai
volumes:
- ./elasticsearch:/usr/share/elasticsearch/data
- ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
ports:
- "9200:9200"
- "9300:9300"
networks:
- elk-network
restart: always
kibana:
image: kibana:7.17.0
container_name: kibana
environment:
- ELASTICSEARCH_HOSTS=http://elasticsearch:9200
- TZ=Asia/Shanghai
ports:
- "5601:5601"
depends_on:
- elasticsearch
networks:
- elk-network
restart: always
filebeat:
image: docker.elastic.co/beats/filebeat:7.17.0
container_name: filebeat
user: root
volumes:
- ./filebeat.yml:/usr/share/filebeat/filebeat.yml
- /var/lib/docker/containers:/var/lib/docker/containers:ro
- /var/run/docker.sock:/var/run/docker.sock:ro
environment:
- TZ=Asia/Shanghai
depends_on:
- elasticsearch
- kibana
networks:
- elk-network
restart: always
networks:
elk-network:
driver: bridge
# filebeat.yml
filebeat.inputs:
- type: docker
containers:
path: /var/lib/docker/containers
stream: all
ids:
- "*"
setup.kibana:
host: "10.50.192.181:5601"
output.elasticsearch:
hosts: ["http://10.50.192.181:9200"]
indices:
- index: "filebeat-docker--%{[docker.container.name]}-%{[agent.version]}-%{+yyyy.MM.dd}"
when.contains:
log.file.path: "/var/lib/docker/containers"
processors:
- add_host_metadata:
when.not.contains.tags: forwarded
- add_docker_metadata:
host: "/var/run/docker.sock"通过 Kibana 集成管理日志
1. 打开 Kibana 界面:http://localhost:5601
2. 进入 Stack Management > Integrations。
3. 搜索 Docker 或 Elasticsearch,启用对应集成并完成配置。
4. 查看日志数据:
- 在 Discover 中搜索 filebeat-docker-*。
- 使用 Logs 应用查看实时日志流
评论区