加载 filebeat 模板 进入 elasticsearch 容器中 ( docker exec -it elasticsearch bash ) curl -O https://gist.githubusercontent.com/thisismitch/3429023e8438cc25b86c/raw/d8c479e2a1adcea8b1fe86570e42abab0f10f364/filebeat-index-template.json curl -XPUT 'http://elasticsearch:9200/_template/filebeat?pretty' -d@filebeat-index-template.json
filebeat-index-template.json
{
"mappings": {
"_default_": {
"_all": {
"enabled": true,
"norms": {
"enabled": false
}
},
"dynamic_templates": [
{
"template1": {
"mapping": {
"doc_values": true,
"ignore_above": 1024,
"index": "not_analyzed",
"type": "{dynamic_type}"
},
"match": "*"
}
}
],
"properties": {
"@timestamp": {
"type": "date"
},
"message": {
"type": "string",
"index": "analyzed"
},
"offset": {
"type": "long",
"doc_values": "true"
},
"geoip" : {
"type" : "object",
"dynamic": true,
"properties" : {
"location" : { "type" : "geo_point" }
}
}
}
}
},
"settings": {
"index.refresh_interval": "5s"
},
"template": "filebeat-*"
}
访问 :5601 可以看到已经出来 kibana 了,但是还没有数据
启动一个 nginx 容器
docker-compose
nginx: image: alpine-nginx networks: network-test: hostname: nginx container_name: nginx restart: always ports: - 80:80 volumes: - /opt/upload/nginx/conf/vhost:/etc/nginx/vhost - /opt/upload/nginx/logs:/opt/nginx/logs
本地目录 /opt/upload/nginx 必须挂载到 filebeat 容器里面,让filebeat 可以采集到。
可以看到 kibana 已经有数据出来了
更多Docker相关教程见以下内容:
Docker安装应用(CentOS 6.5_x64)
Ubuntu 14.04安装Docker
在Ubuntu Trusty 14.04 (LTS) (64-bit)安装Docker