1. docker-compose.yml

version: "2"

services:

  elasticsearch:

    image: docker.io/elasticsearch:5.6.5

    environment:

      - "ES_JAVA_OPTS=-Xms512m -Xmx512m"

    volumes:

      - ./elasticsearch/data:/usr/share/elasticsearch/data

    container_name: elasticsearch565

    hostname: elasticsearch

    restart: always

    ports:

      - "9200:9200"

      - "9300:9300"

  kibana:

    image: docker.io/kibana:5.6.5

    environment:

      - ELASTICSEARCH_URL=http://elasticsearch:9200

    container_name: kibana565

    hostname: kibana

    depends_on:

      - elasticsearch

    restart: always

    ports:

      - "5601:5601"

  filebeat:

      image: docker.elastic.co/beats/filebeat:5.6.5

      volumes:

        - ./filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml

        - ./log:/tmp

      container_name: filebeat565

      hostname: filebeat

      restart: always

      privileged: true

      depends_on:

        - elasticsearch

2. 當(dāng)前路徑下創(chuàng)建filebeat目錄，并寫入文件filebeat.yml

filebeat:

  prospectors:

    - input_type: log

      paths:  # 這里是容器內(nèi)的path

          - /tmp/*

  registry_file: /usr/share/filebeat/data/registry/registry  # 這個(gè)文件記錄日志讀取的位置，如果容器重啟，可以從記錄的位置開始取日志

output:

  elasticsearch:  # 我這里是輸出到elasticsearch，也可以輸出到logstash

    index: "test_filebeat"  #  kibana中的索引

    hosts: ["elasticsearch:9200"] # elasticsearch地址

3. 進(jìn)入kibana容器修改配置及漢化

將配置文件kibana.yml中下面一項(xiàng)的配置放開（#注釋符去掉）即可：

kibana.index: ".kibana"

進(jìn)行漢化操作：

wget https://github.com/anbai-inc/Kibana_Hanization/archive/master.zip

unzip master.zip

cd master

查看readme.md，對(duì)相應(yīng)版本進(jìn)行相應(yīng)操作后重啟