# 200机器,准备镜像、资源清单:
# logstash的版本需要和es的版本一样,11机器cd /opt/目录下即可查看到
~]# docker pull logstash:6.8.6
~]# docker images|grep logstash
~]# docker tag d0a2dac51fcb harbor.od.com/infra/logstash:v6.8.6
~]# docker push harbor.od.com/infra/logstash:v6.8.6
~]# mkdir /etc/logstash
~]# vi /etc/logstash/logstash-test.conf
input {
kafka {
bootstrap_servers => "10.4.7.11:9092"
client_id => "10.4.7.200"
consumer_threads => 4
group_id => "k8s_test"
topics_pattern => "k8s-fb-test-.*"
}
}
filter {
json {
source => "message"
}
}
output {
elasticsearch {
hosts => ["10.4.7.12:9200"]
index => "k8s-test-%{+YYYY.MM.DD}"
}
}
~]# vi /etc/logstash/logstash-prod.conf
input {
kafka {
bootstrap_servers => "10.4.7.11:9092"
client_id => "10.4.7.200"
consumer_threads => 4
group_id => "k8s_prod"
topics_pattern => "k8s-fb-prod-.*"
}
}
filter {
json {
source => "message"
}
}
output {
elasticsearch {
hosts => ["10.4.7.12:9200"]
index => "k8s-prod-%{+YYYY.MM.DD}"
}
}
# 启动
~]# docker run -d --name logstash-test -v /etc/logstash:/etc/logstash harbor.od.com/infra/logstash:v6.8.6 -f /etc/logstash/logstash-test.conf
~]# docker ps -a|grep logstash
我们刷新demo页面让kafka里面更新些日志
# 200机器,验证ES索引(可能比较慢):
~]# curl http://10.4.7.12:9200/_cat/indices?v
这个反应有点慢,我等了快三分钟