
docker-compose elk 설정

2021. 8. 6.

Logstash에서 로그 파일을 Elasticsearch로 보낼 때 사용했던 설정 파일들

 

docker-compose.yml

version: '3.2'

services:
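  # Single-node Elasticsearch, built from ./elasticsearch with the image
  # version taken from ELK_VERSION.
  elasticsearch:
    build:
      context: elasticsearch/
      args:
        ELK_VERSION: $ELK_VERSION
    volumes:
      # Node configuration is mounted read-only so the container cannot alter it.
      - type: bind
        source: ./elasticsearch/config/elasticsearch.yml
        target: /usr/share/elasticsearch/config/elasticsearch.yml
        read_only: true
      # Named volume keeps index data when the container is re-created.
      - type: volume
        source: elasticsearch
        target: /usr/share/elasticsearch/data
    ports:
      # Both mappings publish on every host interface. If only this machine
      # needs access, bind to loopback (e.g. "127.0.0.1:9200:9200") or guard
      # the ports with a host firewall; clients that currently come in through
      # the host address would then use elasticsearch:9200 on the elk network.
      - "9200:9200"
      # 9300 is the node-to-node transport port; publish it only if something
      # outside the elk network really uses it.
      - "9300:9300"
    environment:
      ES_JAVA_OPTS: "-Xmx256m -Xms256m"
      # "changeme" is a widely known placeholder and is kept only as the
      # fallback. Set ELASTIC_PASSWORD in the shell or the .env file before the
      # stack is reachable by anyone else, and update the clients that log in
      # as "elastic" to match.
      ELASTIC_PASSWORD: "${ELASTIC_PASSWORD:-changeme}"
      # Use single node discovery in order to disable production mode and avoid bootstrap checks.
      # see: https://www.elastic.co/guide/en/elasticsearch/reference/current/bootstrap-checks.html
      discovery.type: single-node
    networks:
      - elk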

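  # Logstash, built from ./logstash; reads host log files and forwards them
  # using the pipeline definitions mounted below.
  logstash:
    build:
      context: logstash/
      args:
        ELK_VERSION: $ELK_VERSION
    volumes:
      # Settings and pipeline definitions are mounted read-only.
      - type: bind
        source: ./logstash/config/logstash.yml
        target: /usr/share/logstash/config/logstash.yml
        read_only: true
      - type: bind
        source: ./logstash/pipeline
        target: /usr/share/logstash/pipeline
        read_only: true
      # Host Tomcat log directory. Mounted read-only like the other binds:
      # a log shipper only needs to read these files. Drop read_only if the
      # pipeline is configured to delete or rewrite files after reading them.
      # NOTE(review): the file input shown on this page reads
      # /usr/share/logstash/logs/*.log, which is not this target; confirm
      # which path is the intended one.
      - type: bind
        source: /usr/local/Cellar/tomcat@8/8.5.63/libexec/bin/logs
        target: /usr/share/logstash/intellij_logs
        read_only: true
    ports:
      # All mappings publish on every host interface.
      # NOTE(review): the pipeline on this page has its beats (5044) and
      # tcp (5000) inputs commented out; if that is the pipeline in use,
      # those mappings expose nothing useful and can be removed.
      - "5044:5044"
      - "5000:5000/tcp"
      - "5000:5000/udp"
      # 9600 is the Logstash monitoring API, which has no authentication by
      # default; keep it off untrusted networks.
      - "9600:9600"
    environment:
      LS_JAVA_OPTS: "-Xmx256m -Xms256m"
    networks:
      - elk
    # Start order only; this does not wait for Elasticsearch to be ready.
    depends_on:
      - elasticsearch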

  # Kibana UI, built from ./kibana with the image version taken from ELK_VERSION.
  kibana:
    build:
      context: kibana/
      args:
        ELK_VERSION: $ELK_VERSION
    volumes:
      # Kibana settings are mounted read-only.
      # NOTE(review): kibana.yml is not shown here; if it carries
      # Elasticsearch credentials, keep them in step with ELASTIC_PASSWORD.
      - type: bind
        source: ./kibana/config/kibana.yml
        target: /usr/share/kibana/config/kibana.yml
        read_only: true
    ports:
      # Published on every host interface; use "127.0.0.1:5601:5601" or a
      # host firewall if the UI should only be reachable from this machine.
      - "5601:5601"
    networks:
      - elk
    # Start order only; this does not wait for Elasticsearch to be ready.
    depends_on:
      - elasticsearch

# Bridge network shared by the three services; on it they can reach each
# other by service name without going through the published host ports.
networks:
  elk:
    driver: bridge

# Named volume mounted at /usr/share/elasticsearch/data by the elasticsearch
# service (default driver and options).
volumes:
  elasticsearch:

 

logstash

# Event sources. The beats and tcp inputs are disabled; only log files are read.
input {
#       beats {
#               port => 5044
#       }

#       tcp {
#               port => 5000
#       }

        file {
                # NOTE(review): the compose file on this page mounts the host logs at
                # /usr/share/logstash/intellij_logs, not /usr/share/logstash/logs;
                # confirm which path is the intended one.
                path => "/usr/share/logstash/logs/*.log" # log file path
                start_position => "beginning" # read from the start of the file when no offset information exists
                # NOTE(review): this directory is not among the mounts in the compose file
                # shown, so stored offsets presumably do not survive container re-creation
                # and files would be read again from the beginning; verify.
                sincedb_path => "/usr/share/logstash/since-log/sincedb" # where read offsets are stored
        }
}

## Add your filters / logstash plugins configuration here

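# Sends every event to Elasticsearch, writing to one index per day.
output {
        elasticsearch {
                # "host-ip" and "index_name" are placeholders for the real address and index prefix.
                # NOTE(review): no https:// scheme is given; if this connection is plain HTTP,
                # the credentials below cross the network unencrypted.
                hosts => "host-ip:9200"
                index => "index_name.%{+YYYY.MM.dd}"
                # "elastic" is the built-in superuser; a dedicated account limited to writing
                # these indices narrows what a leaked pipeline file can be used for.
                user => "elastic"
                # Resolved from the ELASTIC_PASSWORD environment variable or the Logstash
                # keystore; falls back to the original placeholder when neither is set, so
                # the secret no longer has to live in this file.
                password => "${ELASTIC_PASSWORD:changeme}"
                ecs_compatibility => disabled
        }
}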

 
