ELK + cache - HackMD

# ELK + cache [TOC] ## docker-compose.yml ``` version: "3.4" #------------------------------------------------------------------------------------------------------- # ELK + cache 應用 # # filebeat(收集檔案) -> redis(緩存) -> logstash(資料篩選) -> elasticsearch(儲存) -> kibana(視覺化) #------------------------------------------------------------------------------------------------------- services: #-------------------------- # Elasticsearch service #-------------------------- elasticsearch: container_name: elasticsearch image: elasticsearch:7.16.1 restart: on-failure #重啟策略 1.no 2.always: 3.on-failure ports: - "9200:9200" - "9300:9300" environment: - discovery.type=single-node #節點設置 - bootstrap.memory_lock=true #提高性能官方建議 - "ES_JAVA_OPTS=-Xms512m -Xmx512m" #設定啟動記憶體大小預設/最大設置 ulimits: memlock: soft: -1 hard: -1 volumes: #掛載檔案 - /vagrant/elasticsearch/data:/usr/share/elasticsearch/data #相關應用資料 - /vagrant/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml #設定檔 - /vagrant/elasticsearch/logs:/usr/share/elasticsearch/logs #紀錄資料 #-------------------------- # kibana service #-------------------------- kibana: container_name: kibana image: kibana:7.16.1 depends_on: - elasticsearch restart: on-failure ports: - "5601:5601" volumes: - /vagrant/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml #-------------------------- # Logstash service #-------------------------- logstash: container_name: logstash image: logstash:7.16.1 command: logstash -f /usr/share/logstash/conf/logstash.conf depends_on: - elasticsearch restart: on-failure ports: - "9600:9600" - "5044:5044" volumes: - /vagrant/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml - /vagrant/logstash/config:/usr/share/logstash/conf/ #-------------------------- # Filebeat service #-------------------------- filebeat: container_name: filebeat image: elastic/filebeat:7.16.1 command: filebeat -e -strict.perms=false depends_on: - elasticsearch - logstash - kibana restart: on-failure volumes: - /vagrant/filebeat/config/filebeat.yml:/usr/share/filebeat/filebeat.yml - /home/vagrant/log:/var/log/logapp #-------------------------- # Redis service #-------------------------- redis: image: redis restart: always container_name: redis environment: - TZ=Asia/Shanghai ports: - 6379:6379 volumes: - /vagrant/redis/config/redis.conf:/usr/local/etc/redis/redis.conf - /vagrant/redis/data/:/data - /vagrant/redis/log/redis.log:/var/log/redis/redis.log command: ["redis-server","/usr/local/etc/redis/redis.conf"] ``` ## elasticsearch setting * /vagrant/elasticsearch/config/elasticsearch.yml ``` # default configuration in docker cluster.name: "elasticsearch" network.host: 0.0.0.0 #network.bind_host: 0.0.0.0 #cluster.routing.allocation.disk.threshold_enabled: false #node.name: es-master #node.master: true #node.data: true http.cors.enabled: true http.cors.allow-origin: "*" #http.port: 9200 #transport.tcp.port: 9300 ``` ## filebeat setting * /vagrant/filebeat/config/filebeat.yml ``` filebeat.inputs: - type: log paths: - /var/log/logapp/*.log output.redis: hosts: ["172.17.8.112:6379"] key: "nginx-www" db: 0 timeout: 5 ``` ## kibana setting * /vagrant/kibana/config/kibana.yml ``` ## Default Kibana configuration for docker target server.name: "kibana" ## 0.0.0.0才能訪問到elasticsearch server.host: "0.0.0.0" ## 連到elasticsearch elasticsearch.hosts: [ "http://172.17.8.112:9200" ] ``` ## logstash setting * /vagrant/logstash/config/logstash.yml ``` http.host: "0.0.0.0" xpack.monitoring.elasticsearch.hosts: [ "http://172.17.8.112:9200" ] xpack.monitoring.enabled: false path.config: /usr/share/logstash/conf/logstash.conf ``` * /vagrant/logstash/config/logstash.conf ``` input { redis { host => "172.17.8.112" port => "6379" key => "nginx-www" data_type => "list" } } output { elasticsearch { hosts => ["http://172.17.8.112:9200"] index => "applog" } } ``` ## redis setting * /vagrant/redis/config/redis.conf ``` bind 0.0.0.0 port 6379 pidfile /var/run/redis/redis.pid ``` ###### tags: `Linux`