Building EFK (Elasticsearch, Filebeat, Kibana) with Docker Swarm
Published: 2025-12-02  Author: 千家信息网 editor
千家信息网 last updated: 2025-12-02
Installing Elasticsearch
elasticsearch.yml (see the official documentation: https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html)

    version: '3'
    services:
      elasticsearch:
        image: elasticsearch:7.4.2
        restart: always
        ulimits:
          memlock:
            soft: -1
            hard: -1
        ports:
          # publishes the Elasticsearch HTTP API on the host
          - 9200:9200
        networks:
          - logging
        volumes:
          # data directory of the image (path spelling corrected)
          - esdata1:/usr/share/elasticsearch/data
          - ./elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml
        environment:
          - "ES_JAVA_OPTS=-Xms512m -Xmx512m"
    volumes:
      esdata1:
        driver: local
    networks:
      logging:
        external:
          name: logging

Two problems came up while installing the new version:
1. the default discovery settings are unsuitable for production use; at least one of [discovery.seed_hosts, discovery.seed_providers, cluster.initial_master_nodes] must be configured

You need to create a new elasticsearch.yml file (https://github.com/elastic/elasticsearch/blob/master/distribution/src/config/elasticsearch.yml) and change node.name and cluster.initial_master_nodes so that they match:

    # ======================== Elasticsearch Configuration =========================
    #
    # NOTE: Elasticsearch comes with reasonable defaults for most settings.
    #       Before you set out to tweak and tune the configuration, make sure you
    #       understand what are you trying to accomplish and the consequences.
    #
    # The primary way of configuring a node is via this file. This template lists
    # the most important settings you may want to configure for a production cluster.
    #
    # Please consult the documentation for further information on configuration options:
    # https://www.elastic.co/guide/en/elasticsearch/reference/index.html
    #
    # ---------------------------------- Cluster -----------------------------------
    #
    # Use a descriptive name for your cluster:
    #
    cluster.name: es-cluster
    #
    # ------------------------------------ Node ------------------------------------
    #
    # Use a descriptive name for the node:
    #
    node.name: "es-master"
    #
    # Add custom attributes to the node:
    #
    #node.attr.rack: r1
    #
    # ----------------------------------- Paths ------------------------------------
    #
    # Path to directory where to store the data (separate multiple locations by comma):
    #
    #${path.data}
    #
    # Path to log files:
    #
    #${path.logs}
    #
    # ----------------------------------- Memory -----------------------------------
    #
    # Lock the memory on startup:
    #
    #bootstrap.memory_lock: true
    #
    # Make sure that the heap size is set to about half the memory available
    # on the system and that the owner of the process is allowed to use this
    # limit.
    #
    # Elasticsearch performs poorly when the system is swapping the memory.
    #
    # ---------------------------------- Network -----------------------------------
    #
    # Set the bind address to a specific IP (IPv4 or IPv6):
    #
    network.host: 0.0.0.0
    #
    # Set a custom port for HTTP:
    #
    #http.port: 9200
    #
    # For more information, consult the network module documentation.
    #
    # --------------------------------- Discovery ----------------------------------
    #
    # Pass an initial list of hosts to perform discovery when this node is started:
    # The default list of hosts is ["127.0.0.1", "[::1]"]
    #
    discovery.seed_hosts: ["127.0.0.1", "[::1]"]
    #
    # Bootstrap the cluster using an initial set of master-eligible nodes:
    #
    cluster.initial_master_nodes: ["es-master"]
    #
    # For more information, consult the discovery and cluster formation module documentation.
    #
    # ---------------------------------- Gateway -----------------------------------
    #
    # Block initial recovery after a full cluster restart until N nodes are started:
    #
    #gateway.recover_after_nodes: 3
    #
    # For more information, consult the gateway module documentation.
    #
    # ---------------------------------- Various -----------------------------------
    #
    # Require explicit names when deleting indices:
    #
    #action.destructive_requires_name: true
    # The pattern /.*/ matches every origin; narrow it to the origins that need browser access.
    http.cors.enabled: true
    http.cors.allow-origin: /.*/

2. max virtual memory areas vm.max_map_count [65530] is too low, increase to at least [262144]

On the host, edit /etc/sysctl.conf and add vm.max_map_count=262144.
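Added example, not from the original article: a Python check that reads the active settings of an elasticsearch.yml and reports a node.name / cluster.initial_master_nodes mismatch together with the exposure-related settings used above (bind address, CORS origin, security features). It assumes the flat dotted-key form shown on this page and Elasticsearch 7.x defaults; the function names and finding codes are illustrative.

```python
# Added example (not from the original page): audit the active settings of an
# elasticsearch.yml for the bootstrap rule and the exposure choices shown above.

# Constructed sample: the uncommented settings from the elasticsearch.yml above.
SAMPLE = """\
cluster.name: es-cluster
node.name: "es-master"
network.host: 0.0.0.0
discovery.seed_hosts: ["127.0.0.1", "[::1]"]
cluster.initial_master_nodes: ["es-master"]
http.cors.enabled: true
http.cors.allow-origin: /.*/
"""

def parse_flat(text):
    """Parse flat 'dotted.key: value' lines, skipping comments and blanks."""
    settings = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip()
    return settings

def unquote(value):
    return value.strip().strip("\"'")

def as_list(value):
    """Turn '["a", "b"]' (or a bare scalar) into a list of unquoted strings."""
    return [unquote(v) for v in value.strip("[]").split(",") if v.strip()]

def audit(text):
    """Return (code, message) findings; Elasticsearch 7.x defaults are assumed."""
    s = parse_flat(text)
    findings = []
    masters = as_list(s.get("cluster.initial_master_nodes", ""))
    if unquote(s.get("node.name", "")) not in masters:
        findings.append(("bootstrap", "node.name is not in cluster.initial_master_nodes"))
    if unquote(s.get("network.host", "")) == "0.0.0.0":
        findings.append(("bind", "HTTP and transport listen on every interface"))
    origin = unquote(s.get("http.cors.allow-origin", ""))
    if s.get("http.cors.enabled") == "true" and origin in ("/.*/", "*"):
        findings.append(("cors", "any web origin may call the HTTP API"))
    if s.get("xpack.security.enabled") != "true":
        findings.append(("auth", "security features off: requests are not authenticated"))
    return findings

if __name__ == "__main__":
    for code, message in audit(SAMPLE):
        print(f"{code}: {message}")
```
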
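Filebeat
Compared with Fluentd, Filebeat is less invasive to the code: there is no need to modify Java projects that have already been developed, and its memory footprint is small.
docker-compose.yml

    version: '3'
    services:
      filebeat:
        image: elastic/filebeat:7.4.2
        container_name: filebeat
        # root is needed to read the Docker log directory mounted below
        user: root
        volumes:
          - ./filebeat.yml:/usr/share/filebeat/filebeat.yml
          # read-only mount so the input path in filebeat.yml exists inside the container
          - /var/lib/docker/containers:/var/lib/docker/containers:ro
        restart: always
        networks:
          - logging
        deploy:
          replicas: 1
    networks:
      logging:
        external:
          name: logging

filebeat.yml

    filebeat.inputs:
    - type: log
      paths:
        - /var/lib/docker/containers/*/*.log
    output.elasticsearch:
      hosts: ["elasticsearch:9200"]

Kibana
Kibana needs no complicated configuration; just set ELASTICSEARCH_HOSTS.
The docker-compose.yml is configured as follows:

    version: '3'
    services:
      kibana:
        image: kibana:7.4.2
        ports:
          - 5601:5601
        networks:
          - logging
        environment:
          ELASTICSEARCH_HOSTS: http://elasticsearch:9200
    networks:
      logging:
        external:
          name: logging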