# docker-elk

**Repository Path**: wangxuancheng/docker-elk

## Basic Information

- **Project Name**: docker-elk
- **Description**: No description available
- **Primary Language**: Unknown
- **License**: MIT
- **Default Branch**: master
- **Homepage**: None
- **GVP Project**: No

## Statistics

- **Stars**: 1
- **Forks**: 0
- **Created**: 2021-10-27
- **Last Updated**: 2021-10-27

## Categories & Tags

**Categories**: Uncategorized
**Tags**: None

## README

# Elastic stack (ELK) on Docker

**Original git repository**

https://github.com/deviantony/docker-elk

**Install docker-compose**

https://www.runoob.com/docker/docker-compose.html

**Start**

```
cd docker-elk
docker-compose up -d
```

**Change the default passwords**

- `docker-compose.yml`: `ELASTIC_PASSWORD`
- `kibana/config/kibana.yml`: `elasticsearch.password:`
- `logstash/config/logstash.yml`: `xpack.monitoring.elasticsearch.password:`

**Set the interface language to Chinese**

Add one line to `kibana/config/kibana.yml`:

```
i18n.locale: "zh-CN"
```

**Change the server IP**

- `kibana/config/kibana.yml`: `elasticsearch.hosts:`
- `logstash/config/logstash.yml`: `xpack.monitoring.elasticsearch.hosts:`
- `logstash/pipeline/logstash.conf`: `hosts`

**Collect logs**

```
vim logstash/pipeline/logstash.conf
```

```
input {
	# nginx access log
	file {
		path => "/www/wwwlogs/demo.com.log"
		start_position => "beginning"
		type => "nginx-access"
	}
	# nginx error log
	file {
		path => "/www/wwwlogs/demo.com.error.log"
		start_position => "beginning"
		type => "nginx-error"
	}
	# Laravel application logs
	file {
		path => "/www/wwwroot/demo.com/storage/logs/*.log"
		start_position => "beginning"
		type => "laravel"
	}
	beats {
		port => 5044
	}
	tcp {
		port => 5000
	}
}

# Route each log type to its own daily index
output {
	if [type] == "nginx-access" {
		elasticsearch {
			hosts => "172.21.28.138:9200"
			index => "nginx-access-log-%{+YYYY.MM.dd}"
			user => "elastic"
			password => "Wxc123456"
		}
	} else if [type] == "nginx-error" {
		elasticsearch {
			hosts => "172.21.28.138:9200"
			index => "nginx-error-log-%{+YYYY.MM.dd}"
			user => "elastic"
			password => "Wxc123456"
		}
	} else if [type] == "laravel" {
		elasticsearch {
			hosts => "172.21.28.138:9200"
			index => "laravel-log-%{+YYYY.MM.dd}"
			user => "elastic"
			password => "Wxc123456"
		}
	}
}
```
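The pipeline above writes the `elastic` password in clear text in three places. As an added example (not part of the original README or of the docker-elk project), here is the same pipeline with a single output block and the password read through Logstash's `${VAR}` environment substitution; the variable name `ES_PASSWORD` is an assumption and has to be set in the logstash container's environment.

```logstash
# Added example, not from the original README.
# Assumption: the logstash container is started with the environment
# variable ES_PASSWORD (hypothetical name) holding the "elastic" password.
input {
	file {
		path => "/www/wwwlogs/demo.com.log"
		start_position => "beginning"
		type => "nginx-access"
	}
	file {
		path => "/www/wwwlogs/demo.com.error.log"
		start_position => "beginning"
		type => "nginx-error"
	}
	file {
		path => "/www/wwwroot/demo.com/storage/logs/*.log"
		start_position => "beginning"
		type => "laravel"
	}
	beats {
		port => 5044
	}
	tcp {
		port => 5000
	}
}

output {
	# Same three index names as before, built from the event's type field:
	# nginx-access-log-*, nginx-error-log-*, laravel-log-*
	if [type] in ["nginx-access", "nginx-error", "laravel"] {
		elasticsearch {
			hosts => "172.21.28.138:9200"
			index => "%{type}-log-%{+YYYY.MM.dd}"
			user => "elastic"
			# Resolved from the environment when the pipeline is loaded,
			# so the secret is no longer stored in logstash.conf
			password => "${ES_PASSWORD}"
		}
	}
}
```

If `ES_PASSWORD` is not defined and no default is given, Logstash reports a configuration error at startup instead of running with an empty password.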
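**After changing the configuration, mount the log files at the paths above into the logstash container**

(nginx logs and PHP Laravel framework logs are collected here)

**The elasticsearch/data data can be mounted; the data directory needs read/write permissions**

```shell
# 777 grants read, write and execute on data to every user on the host
chmod -R 777 data
```

**Restart the docker containers**

- elasticsearch: http://ip:9200
- kibana: http://ip:5601

**Create the indexes**

http://ip:5601/app/management/kibana/indexPatterns

Name: `laravel-log-*`, `nginx-access-log-*`, `nginx-error-log-*`

Timestamp field: select `@timestamp`

| laravel-log-2021.10.27      | Index |
| --------------------------- | ----- |
| nginx-access-log-2021.10.27 | Index |
| nginx-error-log-2021.10.27  |       |

**View the collected logs**

http://ip:5601/app/discover

**Fuzzy-match search**

`*` can stand in for multiple characters:

```
*keyword
keyword*
*keyword*
```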