Filebeat + ZincSearch 轻量级日志
Filebeat:轻量级日志采集工具;
Zinc:ElasticSearch 的轻量级替代,其 API 可与 ES 通用;
本文采用 Filebeat 采集日志,输出到 Zinc 进行存储与展示。
Filebeat(Go 开发)功能虽然更精简,但上手更快,占用的资源也大大减少。
ElasticSearch 过于笨重,本文采用 ZincSearch 替代 ES。
安装 ZincSearch
下载对应版本:Releases · zinclabs/zinc (github.com)
Docker Compose安装:
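# Docker Compose stack: ZincSearch stores and displays the logs, Filebeat
# collects them from the local Docker daemon and ships them to ZincSearch.
version: '3'
services:
  zincsearch:
    # NOTE(review): ":latest" is a moving tag. Pin a specific release tag or
    # image digest so a redeploy cannot silently pull a different build.
    image: public.ecr.aws/zinclabs/zincsearch:latest
    container_name: zincsearch
    extra_hosts:
      - "host.docker.internal:host-gateway"
    volumes:
      - /root/zincsearch/data/:/data
    environment:
      ZINC_DATA_PATH: "/data"
      ZINC_FIRST_ADMIN_USER: admin
      # The admin password is no longer hard-coded. Compose reads it from the
      # shell environment or a git-ignored .env file and refuses to start if
      # it is unset. The password in filebeat.yml (output.elasticsearch) must
      # carry the same value.
      ZINC_FIRST_ADMIN_PASSWORD: "${ZINC_FIRST_ADMIN_PASSWORD:?set ZINC_FIRST_ADMIN_PASSWORD in .env}"
    ports:
      # NOTE(review): this publishes the UI/API on every host interface.
      # Use "127.0.0.1:8000:4080" if it only needs to be reached from the
      # host or through a reverse proxy.
      - "8000:4080"
    restart: always
    deploy:
      resources:
        limits:
          memory: 1000m

  filebeat:
    image: docker.elastic.co/beats/filebeat:8.5.0
    container_name: filebeat
    restart: always
    # NOTE(review): privileged mode removes most container isolation. Reading
    # container logs normally needs only user root plus the read-only mounts
    # below; confirm whether this flag is required on your host and drop it
    # if it is not.
    privileged: true
    user: root
    extra_hosts:
      - "host.docker.internal:host-gateway"
    environment:
      # Lets filebeat.yml reference ${ZINC_FIRST_ADMIN_PASSWORD} instead of
      # embedding the credential in the config file.
      ZINC_FIRST_ADMIN_PASSWORD: "${ZINC_FIRST_ADMIN_PASSWORD:?set ZINC_FIRST_ADMIN_PASSWORD in .env}"
    volumes:
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      # Config is mounted read-only so the container cannot rewrite it.
      - /root/zincsearch/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
      # ":ro" only protects the socket file itself; any process that can talk
      # to the Docker API through it effectively has root on the host. Treat
      # this container as host-privileged.
      - /var/run/docker.sock:/var/run/docker.sock:ro
    deploy:
      resources:
        limits:
          memory: 1000m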
filebeat.yml:
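# Filebeat configuration: discover Docker containers, collect their logs and
# ship them to ZincSearch through its Elasticsearch-compatible endpoint.
processors:
  - add_cloud_metadata: ~
  - add_docker_metadata: ~

setup.ilm.enabled: false

filebeat.autodiscover:
  providers:
    - type: docker
      hints.enabled: true
      templates:
        # NOTE(review): this template appears intended to drop events from
        # the logging stack's own containers - confirm against your setup.
        - condition:
            or:
              - equals.docker.container.name: "filebeat"
              - equals.docker.container.name: "kibana"
              - equals.docker.container.name: "es"
              - equals.docker.container.name: "redis"
              - equals.docker.container.name: "elastalert"
              - equals.docker.container.name: "zincsearch"
          config:
            processors:
              - drop_event: ~

filebeat.config:
  modules:
    path: ${path.config}/modules.d/*.yml
    reload.enabled: false

output.elasticsearch:
  # Plain HTTP: the credentials below travel unencrypted. Keep this traffic
  # on the private container network, or put TLS in front of ZincSearch.
  hosts: ['http://zincsearch:4080']
  path: '/es/'
  #index: "docker-log-%{+yyyy.MM.dd}"
  username: "admin"
  # Read from the container environment when ZINC_FIRST_ADMIN_PASSWORD is
  # set. The fallback after the colon is the tutorial's sample value; replace
  # it before exposing the stack to anything but a local test.
  password: "${ZINC_FIRST_ADMIN_PASSWORD:123456}"
  # Allow connecting to an older Elasticsearch version
  #allow_older_versions: true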