ES+Kibana
kibana地址:https://www.elastic.co/cn/products/kibana
ELK docker: Docker
在线ELK demo环境: http://elk.testing-studio.com:5601/app/kibana
安装ELK
#更新ELK
docker pull registry.docker-cn.com/sebp/elk
sysctl -w vm.max_map_count=262144
#部署
docker run \\
--name elk -d \\
-e LOGSTASH_START=0 \\
-e ES_HEAP_SIZE="1g" \\
-p 5601:5601 -p 9200:9200 -p 5044:5044 \\
registry.docker-cn.com/sebp/elk
#启动
docker start elk
Logstash
Logstash: Installing Logstash | Logstash Reference [8.6] | Elastic
logstash docker安装: https://store.docker.com/images/logstash
直接下载:https://artifacts.elastic.co/downloads/logstash/logstash-6.2.4.zip
#更新logstash
docker pull registry.docker-cn.com/library/logstash
#官网docker镜像
docker pull docker.elastic.co/logstash/logstash
写一份配置文件
input {
file {
path => "/data/*.csv"
start_position => beginning
}
}
filter {
csv{
columns =>[ "log_time", "user", "api", "status", "version"]
}
date {
match => ["log_time", "yyyy-MM-dd HH:mm:ss"]
timezone => "Asia/Shanghai"
}
}
output {
elasticsearch {
hosts => ["elk.testing-studio.com:9200"]
index => "logstash-rc-%{+YYYY.MM.dd}"
}
}
填充数据
while true
do
version=$([ $((RANDOM%5)) -ge 1 ] && echo debug || echo test)
version=${version}_3.$((RANDOM%3))
api=api/$((RANDOM%5)).json
array=(200 404 200 502 200 503 200)
status=${array[RANDOM%7]}
ip=192.168.0.1$((RANDOM%5))$((RANDOM%5))
echo $(date +"%Y-%m-%d %H:%M:%S"),${ip},${api},${status},${version} | tee -a $(date +%Y%m%d%H%M).csv
sleep 0.$((RANDOM%5))
done
启动logstash
docker run -it --rm \\
-v $PWD/conf/:/conf/ \\
-v $PWD/data/:/data/ \\
logstash -f /conf/csv.conf
监控架构