Elasticsearch start command
docker run -d --name elasticsearch -p 9200:9200 -p 9300:9300 elasticsearch:8.17.0
After Elasticsearch has started, enter the Elasticsearch container and reset the password
elasticsearch-reset-password -u elastic -i
Put the reset password into kibana.yml, then start Kibana
docker run -d --name kibana -p 5601:5601 --link elasticsearch:elasticsearch kibana:8.17.0
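After Kibana has started, open the management page. A window asking for a token pops up; generate the token inside the Elasticsearch container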
./elasticsearch-create-enrollment-token --scope kibana
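Then check the Kibana log: a 6-digit verification code is printed there. Enter the code and Kibana finishes starting up.
Starting Logstash is mostly a matter of getting the configuration right, so here is the configuration first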
output {
  elasticsearch {
    hosts => ["https://127.0.0.1:9200"] # change to your ES address; https because ssl is enabled
    ssl => true
    cacert => "/usr/share/logstash/config/http_ca.crt"
    index => "httppackmsg"
    user => "elastic" # if security authentication is enabled
    password => "ztn-9lk30OJmIQdhtQEg"
    document_id => "%{[@metadata][_id]}"
    action => "update"
    doc_as_upsert => true
    # on each update of an existing document, increment its count field
    script => "ctx._source.count = (ctx._source.count ?: 0) + 1"
    script_type => "inline"
    script_lang => "painless"
  }
  # for debugging (optional)
  stdout {
    codec => rubydebug
  }
}
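The configuration also needs the reset password, plus the path to the crt file. The crt file has to be exported from the Elasticsearch container and then mounted when Logstash is started.
docker cp <container_name_or_id>:<path_inside_container> <destination_path_on_host>
The logstash.yml file also needs to be copied out of the container, modified, and then mounted at startup. Example logstash.yml after modification: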
http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: ["https://172.17.0.2:9200"]
xpack.monitoring.elasticsearch.username: "elastic"
xpack.monitoring.elasticsearch.password: "123456"
xpack.monitoring.elasticsearch.ssl.certificate_authority: "/usr/share/logstash/config/http_ca.crt"
docker run -it --name logstash \
-v /usr/local/logstash/config/http_ca.crt:/usr/share/logstash/config/http_ca.crt \
-v /usr/local/logstash/config/logstash.conf:/usr/share/logstash/pipeline/logstash.conf \
-v /usr/local/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml logstash:8.17.0
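Before mounting logstash.conf into the container, it can be checked for the settings this setup depends on: a literal password, an http:// host combined with ssl => true, use of the elastic superuser, and a world-readable file on the host. The shell function below is an added example, not part of the original notes; the finding names and the sample file are made up for illustration.

```shell
#!/bin/sh
# Added example (not from the original notes): flag risky settings in a
# Logstash pipeline file that contains an elasticsearch output.
# Finding names are chosen for this example only.
audit_logstash_conf() {
    conf=$1; rc=0
    # Drop full-line and trailing comments so they cannot trigger a finding.
    body=$(sed -e 's/^[[:space:]]*#.*$//' -e 's/[[:space:]]#.*$//' "$conf")
    # 1. Password written literally instead of "${VAR}" (env var or keystore).
    if printf '%s\n' "$body" | grep -E 'password[[:space:]]*=>' |
        grep -Evq '=>[[:space:]]*"\$\{[A-Za-z_][A-Za-z0-9_]*\}"'; then
        echo "PLAINTEXT_PASSWORD"; rc=1
    fi
    # 2. TLS switched on (ssl, or its newer name ssl_enabled) but an http:// host.
    if printf '%s\n' "$body" | grep -Eq 'ssl(_enabled)?[[:space:]]*=>[[:space:]]*true' &&
        printf '%s\n' "$body" | grep -Eq 'hosts[[:space:]]*=>.*"http://'; then
        echo "HTTP_HOST_WITH_SSL"; rc=1
    fi
    # 3. Pipeline writes as the built-in elastic superuser.
    if printf '%s\n' "$body" | grep -Eq 'user[[:space:]]*=>[[:space:]]*"elastic"'; then
        echo "SUPERUSER_ACCOUNT"; rc=1
    fi
    # 4. Any local user on the host can read the file (and its credentials).
    if [ -n "$(find "$conf" -perm -004)" ]; then
        echo "WORLD_READABLE_FILE"; rc=1
    fi
    return $rc
}

# Constructed sample resembling the output block above (placeholder password).
sample=$(mktemp)
cat > "$sample" <<'EOF'
output {
  elasticsearch {
    hosts => ["http://127.0.0.1:9200"]
    ssl => true
    user => "elastic"
    password => "CHANGE_ME"
  }
}
EOF
chmod 644 "$sample"
audit_logstash_conf "$sample" || true
rm -f "$sample"
```

Logstash resolves "${ES_PWD}" from an environment variable or from its keystore, so the literal password does not have to sit in the mounted file.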