ELK+FileBeat日志分析系统

filebeat:负责将日志数据传输到redis

Redis：暂时进行缓存

logstash:收集缓存中的日志数据

elasticsearch:负责存储日志数据

kibana:负责显示日志的数据

流程图

ELK+FileBeat日志分析系统

拉取filebeat镜像

docker pull elastic/filebeat

启动filebeat

 
docker run -d --name filebeat -v /docker/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml -v /docker/www:/docker/www --privileged=true elastic/filebeat:7.5.1
vim filebeat.yml
配置文件
filebeat.inputs:
- type: log
  paths:- /docker/www/lmrs-2008/storage/logs/laravel.log
  multiline.pattern: '^\[[0-9]{4}-[0-9]{2}-[0-9]{2}'
  multiline.negate: true
  multiline.match: after
  multiline.timeout: 5s
  scan_frequency: 5s
  fields:
          index: 'laravel-log'
output.redis:
        hosts: ["192.168.126.105:6379"]
        db: "0" 
        timeout: 5
        password: "lmrs"
        key: "%{[fields.index]:otherIndex}"
vim kibana.yml
配置文件
server.name: "kibana"
server.host: "0.0.0.0"
elasticsearch.hosts: ["http://192.168.126.105:9200"]
xpack.monitoring.ui.container.elasticsearch.enabled: true
 
logging.dest: /var/log//kibana/kibana.log
i18n.locale: "zh-CN"

ELK+FileBeat日志分析系统

	docker run -d --name filebeat -v /docker/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml -v /docker/www:/docker/www --privileged=true elastic/filebeat:7.5.1
	vim filebeat.yml
	配置文件
	filebeat.inputs:
	- type: log
	paths:- /docker/www/lmrs-2008/storage/logs/laravel.log
	multiline.pattern: '^\[[0-9]{4}-[0-9]{2}-[0-9]{2}'
	multiline.negate: true
	multiline.match: after
	multiline.timeout: 5s
	scan_frequency: 5s
	fields:
	index: 'laravel-log'
	output.redis:
	hosts: ["192.168.126.105:6379"]
	db: "0"
	timeout: 5
	password: "lmrs"
	key: "%{[fields.index]:otherIndex}"
	vim kibana.yml
	配置文件
	server.name: "kibana"
	server.host: "0.0.0.0"
	elasticsearch.hosts: ["http://192.168.126.105:9200"]
	xpack.monitoring.ui.container.elasticsearch.enabled: true

	logging.dest: /var/log//kibana/kibana.log
	i18n.locale: "zh-CN"