docker -v

# 查詢docker相關rpm
rpm -qa | grep docker
# 移除相關rpm（將上一步查詢出來的進行移除）
sudo yum remove docker \
                  docker-client \
                  docker-client-latest \
                  docker-common \
                  docker-latest \
                  docker-latest-logrotate \
                  docker-logrotate \
                  docker-engine
# 移除后，再查詢docker相關rpm，確保移除成功
rpm -qa | grep docker

#安裝所需資源包
sudo yum install -y yum-utils
#設置docker下載地址
sudo yum-config-manager \
    --add-repo \
    https://download.docker.com/linux/centos/docker-ce.repo
    
#安裝docker
sudo yum install docker-ce docker-ce-cli containerd.io

yum list docker-ce --showduplicates | sort -r

sudo systemctl start docker

#查看docker的版本
docker -v

# 查看本地主機上已有鏡像的基本信息。
docker images

curl -L https://get.daocloud.io/docker/compose/releases/download/1.25.5/docker-compose-`uname -s`-`uname -m` > /usr/local/bin/docker-compose
ll /usr/local/bin

chmod +x /usr/local/bin/docker-compose
ll /usr/local/bin

docker-compose -v

# 創(chuàng)建目錄/usr/local/elk/es/data和/usr/local/elk/es/plugins和/usr/local/elk/es/config和/usr/local/elk/logstash和/usr/local/elk/kibana
mkdir -p /usr/local/elk/{es/data,es/plugins,es/config,logstash,kibana/config,kibana/data}
ll  /usr/local/elk
ll /usr/local/elk/es
ll /usr/local/elk/kibana
# 授權(quán)相關文件夾權(quán)限
chmod -R 777 /usr/local/elk/es
chmod -R 777 /usr/local/elk/logstash
chmod -R 777 /usr/local/elk/kibana

vim /usr/local/elk/docker-compose.yml

version: '3' #指定compose文件的版本號，目前有1,2,3這三個版本

services:
  elasticsearch: # 指定服務名
    image: elasticsearch:7.17.5  #鏡像
    container_name: elasticsearch-7.17.5  #定義容器名稱
    restart: always  #開機啟動，失敗也會一直重啟
    environment:
      - "cluster.name=elasticsearch" #設置集群名稱為elasticsearch
      - "discovery.type=single-node" #以單一節(jié)點模式啟動
      - "ES_JAVA_OPTS=-Xms1024m -Xmx1024m" #設置使用jvm內(nèi)存大小
    volumes:
      - /usr/local/elk/es/plugins:/usr/share/elasticsearch/plugins #插件文件掛載({宿主機目錄}：{容器目錄})
      - /usr/local/elk/es/data:/usr/share/elasticsearch/data #數(shù)據(jù)文件掛載({宿主機目錄}：{容器目錄})
      - /usr/local/elk/es/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml # 配置文件掛載({宿主機文件}：{容器文件})
    ports:
      - "9200:9200" #  {宿主機端口}:{容器端口}， 9200是ES節(jié)點與外部通訊使用的端口。它是http協(xié)議的RESTful接口（各種CRUD操作都是走的該端口,如查詢：http://localhost:9200/user/_search）
      - "9300:9300" # {宿主機端口}:{容器端口}， 9300是ES節(jié)點之間通訊使用的端口。它是tcp通訊端口，集群間和TCPclient都走的它。（java程序中使用ES時，在配置文件中要配置此端口）

  kibana: # 指定服務名
    image: kibana:7.17.5
    container_name: kibana-7.17.5
    restart: always
    volumes:
      - /usr/local/elk/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml #掛載logstash的配置文件 {宿主機文件}:{容器文件}
      - /usr/local/elk/kibana/data:/usr/share/kibana/data #數(shù)據(jù)文件掛載({宿主機目錄}：{容器目錄})
    depends_on:
      - elasticsearch #kibana在elasticsearch啟動之后再啟動
    environment:
      - ELASTICSEARCH_URL=http://172.31.113.186:9200 #設置訪問elasticsearch的地址，不能寫localhost或者127.0.0.1，可以寫內(nèi)網(wǎng)（或公網(wǎng)）地址
    ports:
      - "5601:5601" # {宿主機端口}:{容器端口}

  logstash: # 指定服務名
    image: logstash:7.17.5
    container_name: logstash-7.17.5
    restart: always
    volumes:
      - /usr/local/elk/logstash/logstash.yml:/usr/share/logstash/config/logstash.yml #掛載logstash的配置文件 {宿主機文件}:{容器文件}
      - /usr/local/elk/logstash/logstash.conf:/usr/share/logstash/pipeline/logstash.conf #掛載logstash的數(shù)據(jù)傳輸配置文件 {宿主機文件}:{容器文件}
    depends_on:
      - elasticsearch #kibana在elasticsearch啟動之后再啟動
    ports:
      - "5044:5044" #{宿主機端口}:{容器端口}, logstash中輸入源涉及到的所有端口號都需要映射，5044為默認端口號

vim /usr/local/elk/es/config/elasticsearch.yml

network.host: 0.0.0.0  #使用的網(wǎng)絡
http.cors.enabled: true #跨域配置
http.cors.allow-origin: "*"
xpack.security.enabled: true  #開啟密碼配置
http.cors.allow-headers: Authorization
xpack.security.transport.ssl.enabled: true

# 創(chuàng)建配置文件logstash配置文件
vim /usr/local/elk/kibana/config/kibana.yml

server.host: "0.0.0.0"
server.shutdownTimeout: "5s"
elasticsearch.hosts: ["http://172.31.113.186:9200"] #es地址；不能寫localhost或者127.0.0.1，可以寫內(nèi)網(wǎng)（或公網(wǎng)）地址
i18n.locale: "zh-CN"  #漢化
elasticsearch.username: elastic # 設置賬號密碼
elasticsearch.password: elastic123
xpack.encryptedSavedObjects.encryptionKey: "fhjskloppd678ehkdfdlliverpoolfcr" # 任意不少于32位的字符即可， 官方解釋https://www.elastic.co/guide/en/kibana/7.16/alert-action-settings-kb.html#general-alert-action-settings

# 創(chuàng)建配置文件logstash.yml
vim /usr/local/elk/logstash/logstash.yml

http.host: "0.0.0.0"
xpack.monitoring.elasticsearch.hosts: [ "http://172.31.113.186:9200" ]  # es地址，不能寫localhost或者127.0.0.1，可以寫內(nèi)網(wǎng)（或公網(wǎng)）地址
xpack.monitoring.elasticsearch.username: "elastic"   # es賬號
xpack.monitoring.elasticsearch.password: "elastic123" # es密碼

# 創(chuàng)建配置文件logstash配置文件
vim /usr/local/elk/logstash/logstash.conf

# 數(shù)據(jù)輸入配置
input {
    # 從TCP套接字讀取數(shù)據(jù)
    tcp {
         mode => "server"
         host => "0.0.0.0"
         port => 5044 # 每個輸入源都可以使用不同的端口號
         codec => json_lines
    }

    # 從Elastic Beats框架（如filebeat）接收數(shù)據(jù)
    #beats {
    #    port => 5044
    #}
}

# 數(shù)據(jù)處理配置


# 數(shù)據(jù)輸出配置
output {
  elasticsearch {
    hosts => ["http://172.31.113.186:9200"] # es的地址和端口，不能寫localhost或者127.0.0.1，可以寫內(nèi)網(wǎng)（或公網(wǎng)）地址
    user => "elastic" # es的賬號密碼
    password => "elastic123" # es的賬號密碼
    index => "all-log-%{+YYYY.MM.dd}" # 索引（自定義即可，因為想要按天分索引，所以后面使用變量%{+YYYY.MM.dd}）
  }
}

# 報錯的話，嘗試切換至docker-compose.yml所在目錄執(zhí)行此指令試試 cd /usr/local/elk
# 啟動elk
docker-compose up -d
# docker-compose stop # 停止所有
# docker-compose rm # 移除所有

# 報錯的話，嘗試切換至docker-compose.yml所在目錄執(zhí)行此指令試試 cd /usr/local/elk
docker-compose ps

# docker exec -it {es容器名} /bin/bash
# 注：docker ps可查看容器名或容器id
docker exec -it elasticsearch-7.17.5 /bin/bash

./bin/elasticsearch-setup-passwords interactive

# docker-compose restart {服務名}
# 注：docker-compose.yaml中可查看服務名
docker-compose restart elasticsearch

# 分別檢查這三個的日志是否正常
docker-compose logs -f elasticsearch
docker-compose logs -f kibana
docker-compose logs -f logstash

# es端口
firewall-cmd --zone=public --add-port=9200/tcp --permanent
firewall-cmd --zone=public --add-port=9300/tcp --permanent
# kibina端口
firewall-cmd --zone=public --add-port=5601/tcp --permanent
# logstash端口(只設置了一個端口為5044的輸入源，這里只需要開放一個端口即可)
firewall-cmd --zone=public --add-port=5044/tcp --permanent
firewall-cmd --reload

<dependency>
    <groupId>net.logstash.logback</groupId>
    <artifactId>logstash-logback-encoder</artifactId>
    <version>7.2</version>
</dependency>

<?xml version="1.0" encoding="UTF-8"?>
<configuration>
    <springProperty name="appName" scope="context" source="spring.application.name"/>
    <springProperty name="serverPort" scope="context" source="server.port" defaultValue="0000"/>

    <property name="pattern"
              value="${appName}:${serverPort} %d{yyyy-MM-dd HH:mm:ss.SSS} %-5level [%X{traceId}] %thread %logger{50}:%L %msg%n"/>


    <appender name="consoleAppender" class="ch.qos.logback.core.ConsoleAppender">
        <encoder>
            <pattern>${pattern}</pattern>
            <charset class="java.nio.charset.Charset">UTF-8</charset>
        </encoder>
    </appender>


    <!--配置logstash 發(fā)送日志數(shù)據(jù)的地址 -->
    <appender name="LOGSTASH" class="net.logstash.logback.appender.LogstashTcpSocketAppender">
        <destination>{你的elk logstash地址}:5044</destination>
        <encoder charset="UTF-8" class="net.logstash.logback.encoder.LogstashEncoder" />
    </appender>

    <root level="INFO">
        <appender-ref ref="consoleAppender"/>
        <appender-ref ref="LOGSTASH"/>
    </root>

</configuration>

import com.alibaba.fastjson.JSON;
import lombok.extern.slf4j.Slf4j;
import org.springframework.boot.ApplicationArguments;
import org.springframework.boot.ApplicationRunner;
import org.springframework.boot.SpringApplication;
import org.springframework.boot.autoconfigure.SpringBootApplication;
import org.springframework.web.bind.annotation.RestController;

import java.time.LocalDateTime;

/**
 * start class
 */
@Slf4j
@RestController
@SpringBootApplication
public class DemoApplication implements ApplicationRunner {
    
    public static void main(String[] args) {
        SpringApplication.run(DemoApplication.class, args);
    }
    
    
    @Override
    public void run(ApplicationArguments args) throws Exception {
        CarInfoPO carInfo = new CarInfoPO();
        carInfo.setId(123L);
        carInfo.setStatus(0);
        carInfo.setCreatedAt(LocalDateTime.now());
        carInfo.setUpdatedAt(LocalDateTime.now());
        carInfo.setZjPlateNo("你好啊");
        carInfo.setZjRegionId("嘿嘿");
        log.info(JSON.toJSONStringWithDateFormat(carInfo, "yyyy-MM-dd HH:mm:ss"));
    }
}