ELK 설치

2022. 11. 16. 20:39

mac에 docker 설치 후 docker 사용해 elk 구축하기

1. docker 설치

https://imsseong.tistory.com/34

mac에 docker 설치

저는 macOS Ventura intel칩 버전입니다! 1. os에 맞게 다운로드해주세요. https://www.docker.com/ Docker: Accelerated, Containerized Application Development Docker is a platform designed to help developers build, share, and run modern applic

imsseong.tistory.com

2. docker-elk 설치

terminal에 입력

git clone https://github.com/deviantony/docker-elk.git
cd docker-elk

3. elasticsearch 설정 변경

vi elasticsearch/config/elasticsearch.yml

하단에 xpack.monitoring.collection.enabled: true 추가

---
## Default Elasticsearch configuration from Elasticsearch base image.
## https://github.com/elastic/elasticsearch/blob/main/distribution/docker/src/docker/config/elasticsearch.yml
#
cluster.name: "docker-cluster"
network.host: 0.0.0.0

## X-Pack settings
## see https://www.elastic.co/guide/en/elasticsearch/reference/current/security-settings.html
#
xpack.license.self_generated.type: trial
xpack.security.enabled: true
xpack.monitoring.collection.enabled: true

4. kibana 설정 변경

vi kibana/config/kibana.yml

elasticsearch.password: 패스워드 변경

5. logstash 설정 변경

vi logstash/config/logstash.yml

---
## Default Logstash configuration from Logstash base image.
## https://github.com/elastic/logstash/blob/main/docker/data/logstash/config/logstash-full.yml
#
http.host: "0.0.0.0"

xpack.monitoring.elasticsearch.hosts: [ "http://elasticsearch:9200" ]

 vi logstash/pipeline/logstash.conf

input {
        beats {
                port => 5044
        }

        tcp {
                port => 50000
                codec => json_lines
                type => logstash
        }
}

## Add your filters / logstash plugins configuration here

output {
        stdout {
        }
        elasticsearch {
                hosts => "elasticsearch:9200"
                index => "logstash-%{+YYYY.MM.dd}"
                user => "elastic"
                password => "패스워드"
        }
}

6. docker-compose.yml

vi docker-compose.yml

ELASTIC_PASSWORD: 패스워드 변경

7. 실행

docker-compose build && docker-compose up -d

실행이 안됐습니다. ㅠㅠ

8. 에러 해결

에러: value of "elastic" is forbidden. This is a superuser account that cannot write to system indices that Kibana needs to function. Use a service account token instead.

해결: elasticsearch 인증을 token으로 변경

elasticsearch 터미널창 열고 토큰 발급

bin/elasticsearch-service-tokens create elastic/kibana my-token

SERVICE_TOKEN elastic/kibana/my-token = [AA~]

토큰 리스트 확인

bin/elasticsearch-service-tokens list

토큰 값 복사 후 kibana 설정 다시 변경해줍니다.

username과 password는 주석 처리 후 token값을 넣어줍니다.

vi kibana/config/kibana.yml

#elasticsearch.username: elastic
#elasticsearch.password: 패스워드
elasticsearch.serviceAccountToken: 토큰값

9. 재실행

docker-compose build && docker-compose up -d

10. 접속

http://localhost:9200/

http://localhost:5601/

저작자표시 비영리

'Web Programming > SPRINGBOOT' 카테고리의 다른 글

장애 탐지 및 알람 (0)	2022.11.24
Spring Elk 연동 (0)	2022.11.17
mac에 docker 설치 (0)	2022.11.16
docker redis 설치 (0)	2021.02.17
Http를 통한 양방향 통신 (0)	2021.02.16

데일리썽