docker-compose搭建EFK,继上篇使用filebeat+es对日志文件的过滤

前言--------上一期说到，通过这两天对EFKL方面的研究,发现Logstash在处理过滤日志，提取确实有一定的优势，配合es和Kibana简直可以完美的把我们需要的日志一目了然的展示出来，但是时间久了会发现Logstash简直太迟CPU了，我丢，这下去不行啊，赶紧研究别的方案。

先给大家展示一下我要收集的日志格式：

[2021-10-29 03:39:12] saveData.INFO: saveData {"params":{"index":"fulfillments_1","id":5941107,"body":{"id":5941107,"shippingMethodId":null,"shippingMethodName":null,"pluginId":null,"shipToName":"tan2","shipToPhone":null,"shipToSuburb":"FRASER RISE","shipToState":"VIC","shipToPostcode":"3336","shipToCountry":"AU","shipToAddress1":"Second St","shipToAddress2":null,"shipToCompanyName":"eiz","shipToEmail":null,"fromAddress1":"tet-1","fromAddress2":null,"fromSuburb":"Moorabbin","fromState":"VIC","fromCountry":"AU","fromPostcode":"3189","fromCompany_name":"eiz","fromName":"jin2","fromPhone":"47658975","fromEmail":null,"carrierName":null,"labelNumber":[],"fulfillmentStatus":1,"consignments":[],"products":[{"id":4,"account_id":1,"product_id":4,"sku":"124","title":"dsadasds","weight":1,"length":11,"width":11,"height":11,"quantity":0,"location":null,"insured_amount":null,"status":0,"custom_label":null,"custom_label2":null,"custom_label3":null,"img_url":null,"barcode":null,"wms_stock":0,"pivot":{"fulfillment_id":5941107,"product_id":4,"qty":1,"note":null,"sku":"124"}}],"consignmentStatus":0,"picklistStatus":0,"createdAt":"2021-10-26 13:33:03","updatedAt":"2021-10-29 14:39:11","package_info":[{"packObj":[],"qty":"2","weight":"13","length":"6","width":"7","height":"8","package_id":null}],"price":null,"note":null,"tags":[{"id":95,"account_id":1,"parent_id":null,"name":"test","description":"{\"name\":\"test\",\"color\":\"#eb2f96\"}"}],"errors":null,"tracking_status":0,"packageNum":2,"productNum":1,"autoQuoteResult":[],"orders":[],"log":[],"shipToRef":"TJ0000212"}}} []

解决方案：通过filebeat+es的pipeline就可以实现我们预期的效果，且不耗CPU，我们来动手试试，先看看实现效果：可以看到我们使用这种方法，依然实现了上一篇的效果

第一步：

先来看看我的项目目录：关于dockerfiles文件夹下的文件内容我都写在上一篇了，还有这块我用的是opensearch+opensearch-dashboards，其实和Elasticsearch+Kibana是一样的，上篇文章有说到

编辑docker-compose.yaml文件

version: "2.2"
services:opensearch:build:context: dockerfilesdockerfile: opensearch-no-security.dockerfilerestart: alwayscontainer_name: opensearchimage: wangyi/opensearch:latestenvironment:- discovery.type=single-nodeports:- 9200:9200- 9600:9600 # required for Performance Analyzervolumes:- opensearch-data1:/usr/share/opensearch/dataopensearch-dashboards:build:context: dockerfilesdockerfile: opensearch-dashboards-no-security.dockerfileimage: wangyi/opensearch-dashboard:latestcontainer_name: opensearch-dashboardsports:- 5601:5601environment:OPENSEARCH_HOSTS: '["http://opensearch:9200"]' # must be a string with no spaces when specified as an environment variablefilebeat:build: ./filebeatrestart: "always"container_name: filebeatvolumes:- ./storage/logs/:/tools/logs/user: rootvolumes:opensearch-data1:

第二步：

配置filebeat文件夹下的Dockerfile文件：

FROM docker.elastic.co/beats/filebeat-oss:7.11.0# Copy our custom configuration file
COPY ./filebeat.yml /usr/share/filebeat/filebeat.ymlUSER root
# Create a directory to map volume with all docker log files
RUN mkdir /usr/share/filebeat/dockerlogs
RUN chown -R root /usr/share/filebeat/
RUN chmod -R go-w /usr/share/filebeat/

编辑filebeat.yml文件

filebeat.inputs:
- type: logenabled: truepaths:- /tools/logs/saveData/*/*/*.logpipeline: savedata_log  ##记住这个pipelinefields:type: savedata_logtail_files: true  ##设置监察文件写入时执行，不从头读取- type: logenabled: truepaths:- /tools/logs/condition/*/*/*.logpipeline: my_pipeline_id  ##记住这个pipelinefields:type: condition_logtail_files: truesetup.ilm.enabled: falsesetup.template.settings:index.number_of_shards: 1index.number_of_replicas: 0index.codec: best_compressionoutput.elasticsearch:hosts: ["opensearch:9200"]indices:- index: "savedata_logs_%{+yyyy.MM.dd}"when.equals:fields.type: "savedata_log"- index: "condition_logs_%{+yyyy.MM.dd}"when.equals:fields.type: "condition_log"

第三步：

启动三个服务，注意启动顺序
1.先启动opensearch（ES）docker-compose up -d opensearch
2.再启动filebeat docker-compose up -d filebeat
3.再启动opensearch-dashboards（Kibana） docker-compose up -d opensearch-dashboards

待所有服务启动成功后，我们打开Kibana后台，配置pipeline

PUT _ingest/pipeline/my_pipeline_id  ##我们在这里创建两个对应filebeat文件的pipeline就行
{"description": "test pipeline","processors": [{"grok": {"field": "message","patterns": ["""\[%{TIMESTAMP_ISO8601:logtime}\] %{WORD:env}\.(?<level>[A-Z]{4,5})\: %{WORD:params} %{GREEDYDATA:message} """]  ##此配置仅限于提取Laravel文件配置},"json": {"field": "message"}}]
}

大家可以通过GROK在线测试自己的正则

EFK一行就此结束，前前后后换了三次方案，最终得出这套完美的解决方案，CPU也看过了，非常完美！！！

docker-compose搭建EFK,继上篇使用filebeat+es对日志文件的过滤相关推荐

Docker Compose搭建consul群集环境（了解Docker Compose及常用命令，Docker四种网络，Doker指定端口）
文章目录 Docker Compose搭建consul群集环境认识Docker Compose IConsul Docker Compose容器编排 Dasker Compose配置常用字段 Bos ...
Docker学习之路05：五分钟用docker compose搭建一个自己的个人博客网站！
五分钟用docker compose搭建一个自己的个人博客网站! Docker学习路线传送门: Docker学习之路01:Docker的安装 Docker学习之路02:阿里云镜像加速器 Docker学 ...
Docker Compose搭建TDengine集群
文章目录 1. Linux上安装Docker 2. 安装Docker Compose 3. 自定义Docker 网络 4. 搭建集群 4.1 基础配置 4.2 查看启动效果 4.3 测试节点 4.3. ...
教你三分钟用docker compose搭建一个自己的个人博客网站
hi,大家好,我是 jack xu,今天和大家聊一个轻松.好玩.易懂的话题,就是教大家搭建一个自己的个人博客网站,可以在同事朋友面前炫耀一把.事情的缘由是我们公司有个同事,有一天他给了我一个网站,我打 ...
Docker使用docker compose搭建Jellyfin私人媒体服务器个人电影网站
->Docker及docker compose的安装点这里创建 docker-compose.yml 文件 version: "3" services:jellyfin:i ...
docker compose搭建NACOS集群
使用docker搭建NACOS集群 SpringCloud Alibaba,必然会使用Nacos进行服务注册与配置管理.然而,在实际的生产环境中,使用单服务器搭建nacos服务器是十分危险的,如若发生 ...
使用Docker Compose 搭建lnmp
文章目录一: Docker-compose 简介 1.1 为什么使用 Docker-compose 1.2 Docker-compose概述二: compose 的部署 2.1 Docker Co ...
基于Docker Compose搭建的Mysql8.0主从复制(1主3从，多主机)
系统环境 CentOs 7 mysql 8.0.19 docker 18.09.9-ce docker-compose 1.26.1-rc3 安装docker-compose环境 docker-com ...
Docker Compose 搭建 Docker Registry 私服
简介官方的 Docker Hub 是一个用于管理公共镜像的地方,我们可以在上面找到我们想要的镜像,也可以把我们自己的镜像推送上去.你也可以选择通过 Docker Registry 搭建一个属于自己的 ...
Docker Compose——搭建Redis集群
环境配置 Docker 18.x Docker-Compose 3.7 Redis 6.2.5 主从(Master-Slave)模式主从复制模式中包含一个主数据库实例(master)与一个或多个从数 ...