实战：使用Docker Compose运行ELK
- 参考文档

实战：使用Docker Compose运行ELK

ElasticSearch【存储】
Logtash【日志聚合器】
Kibana【界面】

答案：

version: '2'
services:
 elasticsearch:
  image: elasticsearch
  # command: elasticsearch
  ports:
   - "9200:9200"   # REST API端口
   - "9300:9300"   # RPC端口
 logstash:
  image: logstash
  command: logstash -f /etc/logstash/conf.d/logstash.conf
  volumes:
   - ./config:/etc/logstash/conf.d
   - /opt/build:/opt/build
  ports:
   - "5000:5000"
 kibana:
  image: kibana
  environment:
   - ELASTICSEARCH_URL=http://elasticsearch:9200
  ports:
   - "5601:5601"

logstash.conf 参考示例：

input {
  file {
    codec => json
    path => "/opt/build/*.json"
  }
}
filter {
  grok {
    match => { "message" => "%{TIMESTAMP_ISO8601:timestamp}\s+%{LOGLEVEL:severity}\s+\[%{DATA:service},%{DATA:trace},%{DATA:span},%{DATA:exportable}\]\s+%{DATA:pid}---\s+\[%{DATA:thread}\]\s+%{DATA:class}\s+:\s+%{GREEDYDATA:rest}" }
  }
}
output {
  elasticsearch {
    hosts => "elasticsearch:9200"
  }
}

参考文档

https://docs.docker.com/compose/samples-for-compose/#samples-tailored-to-demo-compose