使用docker-compose容器编排技术,搭建ES集群,包含ElasticSearch、Logstash、Kibana,使用的是目前官方提供的最新版本7.8.0

#准备配置文件
[root@docker02 elk]# vim logstash.conf 
# Logstash pipeline: accept events from Beats agents, optionally filter them,
# and index them into Elasticsearch.
input {
  # Beats listener on port 5044.
  # NOTE(review): no ssl* options are set on this input, so agents connect in
  # plaintext and are not authenticated. Enable TLS on the beats input before
  # agents connect over a network you do not fully trust.
  beats {
    port => 5044
  }
}

filter {
  # Add whatever filters your data needs here.
  # For example, a grok filter can parse the log message:
  # grok {
  #   match => { "message" => "%{TIMESTAMP_ISO8601:timestamp} %{LOGLEVEL:loglevel} %{GREEDYDATA:message}" }
  # }
}

output {
  elasticsearch {
    # Target is given as host:port only; no user/password or TLS settings.
    # NOTE(review): this works only while the cluster accepts unauthenticated
    # requests. Once security is enabled on Elasticsearch, this output needs
    # credentials and an https endpoint.
    hosts => ["elasticsearch:9200"]
    # One index per day; the date suffix is formatted from the event timestamp.
    index => "your-custom-index-%{+YYYY.MM.dd}"
  }
}

[root@docker02 elk]# vim pipeline.yml 
# Declares a single pipeline named "main" loaded from logstash.conf.
# NOTE(review): Logstash reads pipeline definitions from a file named
# pipelines.yml in its settings directory; the transcript saves this file as
# pipeline.yml. Confirm the file name and that it is placed in the host
# directory mounted at /usr/share/logstash/config.
- pipeline.id: main
  path.config: "/usr/share/logstash/pipeline/logstash.conf"

# 编写集群的docker-compose
[root@docker02 elk]# cat docker-compose.yaml 
# Compose file for a three-node Elasticsearch 7.8.0 cluster plus Kibana and
# Logstash, all attached to the default Compose network.
# NOTE(review): no xpack.security.* settings are passed to any service, and
# Elasticsearch 7.x ships with security features disabled by default, so the
# HTTP ports published below answer without authentication or TLS. Treat this
# as a lab layout. Before it is reachable from anything but a trusted host,
# enable authentication/TLS or restrict the published ports (for example with
# a host firewall or by binding them to 127.0.0.1).
# NOTE(review): all five images are pinned to 7.8.0. Check whether that
# release still receives security fixes before reusing this file.
version: '3'
services:
  elasticsearch:
    image: elasticsearch:7.8.0
    container_name: elasticsearch
    environment:
      - node.name=node1
      - cluster.name=mycluster
      # Peers are found by Compose service name on the internal network.
      - discovery.seed_hosts=elasticsearch2,elasticsearch3
      # Node names eligible for the first master election (cluster bootstrap).
      - cluster.initial_master_nodes=node1,node2,node3
      # Lock the JVM heap in RAM; relies on the unlimited memlock ulimit below.
      - bootstrap.memory_lock=true
      # Fixed 512 MB heap (min = max).
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      # Named volume so index data survives container re-creation.
      - esdata1:/usr/share/elasticsearch/data
    ports:
      # Short HOST:CONTAINER syntax publishes on every host interface.
      # 9200 is the REST API, unauthenticated in this configuration.
      - 9200:9200
      # 9300 is the node-to-node transport port. The nodes already reach each
      # other by service name on the Compose network, so publishing it on the
      # host is presumably unnecessary; confirm before removing.
      - 9300:9300

  elasticsearch2:
    image: elasticsearch:7.8.0
    container_name: elasticsearch2
    environment:
      - node.name=node2
      - cluster.name=mycluster
      - discovery.seed_hosts=elasticsearch,elasticsearch3
      - cluster.initial_master_nodes=node1,node2,node3
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - esdata2:/usr/share/elasticsearch/data
    ports:
      # Host ports shifted by one to avoid clashing with node1; same exposure
      # caveats as on the first node apply.
      - 9201:9200
      - 9301:9300

  elasticsearch3:
    image: elasticsearch:7.8.0
    container_name: elasticsearch3
    environment:
      - node.name=node3
      - cluster.name=mycluster
      - discovery.seed_hosts=elasticsearch,elasticsearch2
      - cluster.initial_master_nodes=node1,node2,node3
      - bootstrap.memory_lock=true
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    ulimits:
      memlock:
        soft: -1
        hard: -1
    volumes:
      - esdata3:/usr/share/elasticsearch/data
    ports:
      # Host ports shifted by two; same exposure caveats as on the first node.
      - 9202:9200
      - 9302:9300

  kibana:
    image: kibana:7.8.0
    container_name: kibana
    environment:
      # Plain HTTP to node1 over the Compose network, without credentials.
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
    ports:
      # NOTE(review): Kibana is published on every host interface and, with
      # security disabled on the cluster, shows no login page. Anyone who can
      # reach this port can read and modify the indexed data through Kibana.
      - 5601:5601

  logstash:
    image: logstash:7.8.0
    container_name: logstash
    volumes:
      # Bind mounts replace the image's directories entirely, so
      # ./logstash/config must hold every settings file Logstash needs, not
      # only the pipeline definition file.
      # NOTE(review): the transcript edits logstash.conf and pipeline.yml in
      # the elk directory itself; confirm they are placed under
      # ./logstash/pipeline and ./logstash/config respectively.
      - ./logstash/config:/usr/share/logstash/config
      - ./logstash/pipeline:/usr/share/logstash/pipeline
    ports:
      # Beats input port, published on every host interface. The pipeline on
      # this page configures it without TLS, so limit which hosts can reach it.
      - 5044:5044

# Named volumes holding each Elasticsearch node's data directory.
volumes:
  esdata1:
  esdata2:
  esdata3:

[root@docker02 ~]# docker-compose up -d

如果启动时出现如下报错:

Error response from daemon: failed to create task for container: failed to create shim task: OCI runtime create failed: runc create failed: sysctl "vm.max_map_count" is not in a separate kernel namespace: unknown

解决方法:

# 修改内存映射区域数量配置
[root@docker02 ~]# vim /etc/sysctl.conf 
vm.max_map_count=262144

# 使新的配置生效
[root@docker02 ~]# sysctl -p /etc/sysctl.conf
vm.max_map_count = 262144

# 重新启动 Docker 服务
[root@docker02 ~]# systemctl restart docker

浏览器访问

image-20230914211914164

image-20230914211921204

image-20230914211925984

image-20230915193900398