1、创建一个脚本文件 setup-elk.sh,内容如下:
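#!/bin/bash
# =================================================================
# ELK Stack automated deployment script (for Docker Compose)
#
# What it does:
# 1. Creates the standard project directory structure.
# 2. Generates docker-compose.yml, filebeat.yml and logstash.conf.
# 3. Prints clear follow-up instructions.
#
# Usage:
# 1. chmod +x setup-elk.sh
# 2. ./setup-elk.sh
#
# Everything is created under ./elk-stack, relative to the directory the
# script is started from.
# =================================================================

# Stop at the first failing command, unset variable or broken pipeline so a
# partially generated configuration is never reported as a success.
set -euo pipefail

# Colour constants for nicer output. They hold literal backslash sequences,
# so they only take effect through `echo -e` (or printf '%b').
GREEN='\033[0;32m'
YELLOW='\033[1;33m'
NC='\033[0m' # No Color

# --- 1. Create the project directory structure ---
echo -e "${YELLOW}==> 1. Creating project directory structure...${NC}"
PROJECT_DIR="elk-stack"
# Test mkdir directly instead of inspecting $? afterwards; quote the variable
# and pass -- so the path is never word-split or parsed as an option.
if ! mkdir -p -- "${PROJECT_DIR}"/{filebeat,logstash/pipeline,logs}; then
  echo "Error: Failed to create directories." >&2
  exit 1
fi
echo " - ${PROJECT_DIR}/"
echo " - ${PROJECT_DIR}/filebeat/"
echo " - ${PROJECT_DIR}/logstash/pipeline/"
echo " - ${PROJECT_DIR}/logs/"
echo -e "${GREEN}Directory structure created successfully.${NC}\n"

# Enter the project directory. Every file generated after this point uses a
# relative path, so continuing after a failed cd would scatter configuration
# files into the caller's working directory.
if ! cd -- "${PROJECT_DIR}"; then
  echo "Error: Failed to enter ${PROJECT_DIR}." >&2
  exit 1
fi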
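# --- 2. Create docker-compose.yml ---
echo -e "${YELLOW}==> 2. Creating docker-compose.yml...${NC}"
# The delimiter is quoted ('EOF') so the shell copies the YAML verbatim: no
# parameter expansion, command substitution or backslash processing can alter
# it. The YAML nesting is written out with two-space indentation; a file with
# every key at column 0 is not a valid Compose document.
#
# Hardening compared with publishing every port on all interfaces:
#   - Elasticsearch (9200) and Logstash (5044) are published on 127.0.0.1
#     only. Kibana, Logstash and Filebeat talk to each other over the
#     internal "elk" network, so nothing in this setup needs those ports
#     from outside the host.
#   - Kibana (5601) stays published as before because the follow-up
#     instructions open it via the server IP; see the caveat in the YAML.
cat <<'EOF' > docker-compose.yml || { echo "Error: Failed to write docker-compose.yml." >&2; exit 1; }
version: '3.8'

services:
  # 1. Elasticsearch: 存储和搜索日志
  elasticsearch:
    image: elasticsearch:8.13.4
    container_name: elasticsearch
    environment:
      - discovery.type=single-node
      # SECURITY: authentication and TLS are switched off, so every client
      # that can reach Elasticsearch or Kibana has full read/write access
      # to the indexed logs. Keep this setting for local testing only.
      - xpack.security.enabled=false
      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    volumes:
      - esdata:/usr/share/elasticsearch/data
    ports:
      # Loopback only: the other services reach Elasticsearch over the
      # internal "elk" network, not through the host port.
      - "127.0.0.1:9200:9200"
    networks:
      - elk
    healthcheck:
      test: ["CMD-SHELL", "curl -s http://localhost:9200/_cluster/health | grep -vq '\"status\":\"red\"'"]
      interval: 10s
      timeout: 5s
      retries: 5

  # 2. Logstash: 处理和转换日志
  logstash:
    image: logstash:8.13.4
    container_name: logstash
    volumes:
      - ./logstash/pipeline/:/usr/share/logstash/pipeline/
    ports:
      # Loopback only: Filebeat connects over the "elk" network, and the
      # Beats input generated by this script has no TLS or authentication.
      - "127.0.0.1:5044:5044"
    networks:
      - elk
    depends_on:
      elasticsearch:
        condition: service_healthy

  # 3. Kibana: 可视化界面
  kibana:
    image: kibana:8.13.4
    container_name: kibana
    environment:
      - ELASTICSEARCH_HOSTS=http://elasticsearch:9200
    ports:
      # SECURITY: published on every host interface with no login. Restrict
      # access (firewall, authenticating reverse proxy) or change this to
      # "127.0.0.1:5601:5601" and connect through an SSH tunnel.
      - "5601:5601"
    networks:
      - elk
    depends_on:
      elasticsearch:
        condition: service_healthy

  # 4. Filebeat: 收集和发送日志文件
  filebeat:
    image: elastic/filebeat:8.13.4
    container_name: filebeat
    # Runs as root inside the container; the config file and the log
    # directory below are mounted read-only.
    user: root
    volumes:
      - ./filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
      - ./logs:/var/log/app/:ro
      - filebeatdata:/usr/share/filebeat/data/
    networks:
      - elk
    depends_on:
      - logstash

networks:
  elk:
    driver: bridge

volumes:
  esdata:
    driver: local
  filebeatdata:
    driver: local
EOF
echo -e "${GREEN}docker-compose.yml created successfully.${NC}\n"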
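# --- 3. Create filebeat.yml ---
echo -e "${YELLOW}==> 3. Creating filebeat.yml...${NC}"
# Quoted delimiter: the YAML is written verbatim, with no shell expansion.
# The nesting is restored with explicit indentation; with every key at
# column 0 the input definition would not parse as intended.
cat <<'EOF' > filebeat/filebeat.yml || { echo "Error: Failed to write filebeat/filebeat.yml." >&2; exit 1; }
filebeat.inputs:
  - type: log
    enabled: true
    paths:
      - /var/log/app/*.log

output.logstash:
  hosts: ["logstash:5044"]
EOF
# Filebeat refuses to load a config file that is writable by group or others,
# and the file decides where logs are shipped, so drop those bits regardless
# of the caller's umask.
# NOTE(review): Filebeat also checks the file owner. The compose file runs
# Filebeat as root, so a config owned by a non-root host user may be rejected
# at startup - confirm on your host and chown the file to root if needed.
chmod go-w filebeat/filebeat.yml
echo -e "${GREEN}filebeat.yml created successfully.${NC}\n"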
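# --- 4. Create logstash.conf ---
echo -e "${YELLOW}==> 4. Creating logstash.conf...${NC}"
# Quoted delimiter: pipeline syntax is full of characters the shell treats as
# special ('$' in regexes, '%{...}' references, backticks in patterns). With
# an unquoted delimiter the sample regex below survives only by accident, and
# any filter rule added later could be expanded or executed by the shell
# before it reaches the file.
#
# The pipeline matches the rest of the generated setup: the Beats input
# listens without TLS and the Elasticsearch output uses plain HTTP without
# credentials, which fits only because the compose file sets
# xpack.security.enabled=false. Revisit both if security is turned on.
cat <<'EOF' > logstash/pipeline/logstash.conf || { echo "Error: Failed to write logstash/pipeline/logstash.conf." >&2; exit 1; }
input {
  beats {
    port => 5044
  }
}

filter {
  # 在这里添加你的日志解析规则, 例如:
  # if [message] =~ /^{.*}$/ {
  #   json {
  #     source => "message"
  #   }
  # }
}

output {
  elasticsearch {
    hosts => ["http://elasticsearch:9200"]
    index => "app-logs-%{+YYYY.MM.dd}"
  }
  # stdout { codec => rubydebug }
}
EOF
echo -e "${GREEN}logstash.conf created successfully.${NC}\n"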
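# --- 5. Create a sample log file ---
echo -e "${YELLOW}==> 5. Creating a placeholder log file...${NC}"
# Report success only when the file really exists; Filebeat mounts ./logs
# and watches *.log files inside it.
if ! touch -- logs/app.log; then
  echo "Error: Failed to create logs/app.log." >&2
  exit 1
fi
echo -e "${GREEN}logs/app.log created successfully.${NC}\n"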
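# --- 6. Finish and print the follow-up instructions ---
echo -e "${GREEN}======================================================"
echo -e " ELK Stack Setup Completed! "
echo -e "======================================================${NC}"
echo ""
# -e is required here as well: the colour variables hold literal backslash
# sequences, which a plain echo would print as "\033[1;33m" instead of
# switching the colour.
echo -e "所有配置文件已在 '${YELLOW}${PROJECT_DIR}${NC}' 目录中生成。"
echo ""
echo -e "下一步操作:"
echo "1. 启动整个日志栈:"
echo -e " ${YELLOW}cd ${PROJECT_DIR}${NC}"
echo -e " ${YELLOW}docker-compose up -d${NC}"
echo ""
echo "2. 启动后,您可以向日志文件中写入数据进行测试:"
echo -e " ${YELLOW}echo '{\"level\":\"INFO\", \"message\":\"This is a test log.\"}' >> logs/app.log${NC}"
echo ""
echo "3. 访问 Kibana 进行查看:"
echo -e " ${YELLOW}http://<your-server-ip>:5601${NC}"
# The generated stack disables Elasticsearch security, so tell the operator
# that the Kibana URL above needs no login.
echo " 注意: 该配置关闭了安全认证 (xpack.security.enabled=false),Kibana 无需登录即可访问,请仅在可信网络中使用。"
echo ""
echo "4. 停止服务:"
echo -e " ${YELLOW}docker-compose down${NC}"
echo ""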
2、为该脚本文件添加可执行权限
chmod +x setup-elk.sh
3、执行脚本
./setup-elk.sh
4、进入项目目录,并根据其中的 docker-compose.yml 启动服务
cd elk-stack
docker compose up -d
5、查看是否启动成功
docker compose ps