ELK.init.sh
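# This file only defines helper functions and exports defaults, so it has to be
# sourced into the current shell; running it as a script leaves nothing behind.
# Compare the basename (quoted) so the hint also shows for ./ELK.init.sh or a
# full path, and so a $0 containing spaces cannot break the test.
if [ "${0##*/}" = 'ELK.init.sh' ]; then
  echo "Usage: source $0"
fi

# Image tag shared by every Elastic container started from this file.
# NOTE(review): this pins one fixed release; confirm it is still a supported
# version before exposing any of these services beyond a lab host.
export ELK_version=6.5.0

# Address of the Elasticsearch node; a value already set by the caller wins.
export IP_ELK_E=${IP_ELK_E:-"127.0.0.1"}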
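#######################################
# Upload an X-Pack license file to Elasticsearch (PUT /_xpack/license).
# Globals:   IP_ELK_E (read) - Elasticsearch address
#            ELK_ES_USER, ELK_ES_PASSWORD (read, optional) - login to use;
#            when unset the previous hard-coded elastic/changeme pair is used
# Arguments: $1 - path to the license JSON file
# Outputs:   curl's response on stdout, usage hint on stderr
# Returns:   2 when the path is missing or unreadable, otherwise curl's status
#######################################
ELK_install--xpack-license-path() {
  # local: the file is sourced, so a bare assignment would leak into the
  # caller's interactive shell.
  local license_path=${1:-}

  if [ -z "$license_path" ] || [ ! -r "$license_path" ]; then
    echo "Usage: ${FUNCNAME[0]} <readable license.json>" >&2
    return 2
  fi

  # NOTE(review): the fallback login is a well-known default; set
  # ELK_ES_USER / ELK_ES_PASSWORD and rotate the account on anything that is
  # not a throwaway lab node.
  # NOTE(review): -u places the credentials on curl's command line (visible in
  # the process list) and the request goes over plain http, so the basic-auth
  # header is sent unencrypted when IP_ELK_E is not loopback.
  curl -XPUT \
    -u "${ELK_ES_USER:-elastic}:${ELK_ES_PASSWORD:-changeme}" \
    "http://${IP_ELK_E}:9200/_xpack/license?acknowledge=true" \
    -H "Content-Type: application/json" \
    -d "@${license_path}"
}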
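#######################################
# (Re)create a single-node Elasticsearch container named after this function.
# Globals:   ELK_version (read) - image tag
#            IP_ELK_E (read)    - only used in the printed help text
# Arguments: none
# Outputs:   help text with documentation and status URLs on stdout
# Side effects: stops and removes any existing container of the same name and
#            creates ../docker-data/ELK_elasticsearch relative to the cwd
#######################################
ELK_elasticsearch() {
  # local: the file is sourced, so bare assignments would overwrite n and
  # data_path in the caller's shell.
  local n=${FUNCNAME[0]}
  local data_path

  # Best effort: both commands just report an error when no such container
  # exists yet.
  docker stop "$n"
  docker rm "$n"

  data_path=$(pwd)/../docker-data/$n
  mkdir -p "$data_path"
  # NOTE(review): mode 777 lets every local user read, modify or delete the
  # index data. It is kept to preserve behaviour; a narrower mode with the
  # directory owned by the container's uid/gid would be safer - confirm the
  # ids used by this image before changing it.
  chmod 777 "$data_path"

  # --net host shares the host's network namespace, so the node is reachable
  # on whatever interfaces Elasticsearch binds to.
  # NOTE(review): confirm port 9200 is firewalled; the help text below still
  # advertises the stock elastic/changeme login.
  # The bind-mount argument is quoted so a working directory containing spaces
  # is passed as one argument.
  docker run --name "$n" \
    --net host \
    -d --restart unless-stopped \
    -e "discovery.type=single-node" \
    -e ES_JAVA_OPTS="-Xms3g -Xmx3g" \
    -v "$data_path:/usr/share/elasticsearch/data" \
    "docker.elastic.co/elasticsearch/elasticsearch:$ELK_version"

  cat << EOL
Doc: https://www.elastic.co/guide/en/elasticsearch/reference/current/docker.html
Health: http://elastic:changeme@$IP_ELK_E:9200/_cat/health
List indices: http://$IP_ELK_E:9200/_cat/indices?v
List all records: http://$IP_ELK_E:9200/<index_name>/_search?pretty=true&q=*:*&size=3
EOL
}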
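#######################################
# (Re)create a Logstash container named after this function.
# Globals:   ELK_version (read) - image tag
#            IP_ELK_E (read)    - Elasticsearch address handed to the container
#            IP_AMQP (read)     - AMQP broker address handed to the container
#            ELK_AMQP_USER, ELK_AMQP_PASSWD (read, optional) - broker login;
#            when unset the previous hard-coded guest/guest pair is used
#            IP_ELK_L (read)    - only used in the printed help text; it is not
#            set anywhere in this file, so presumably the caller provides it
# Arguments: none
# Outputs:   help text with documentation and status URLs on stdout
# Side effects: stops and removes any existing container of the same name
#######################################
ELK_logstash() {
  # local: the file is sourced, so a bare assignment would overwrite n in the
  # caller's shell.
  local n=${FUNCNAME[0]}

  # Best effort: both commands just report an error when no such container
  # exists yet.
  docker stop "$n"
  docker rm "$n"

  # NOTE(review): guest/guest is a well-known default login; set
  # ELK_AMQP_USER / ELK_AMQP_PASSWD for any broker that is not a local lab
  # instance. Values passed with -e remain readable through the container's
  # configuration (docker inspect), so treat this as low-sensitivity only.
  # The bind-mount argument is quoted so a working directory containing spaces
  # is passed as one argument.
  docker run --name "$n" \
    --net host \
    -d --restart unless-stopped \
    -e amqp_host="$IP_AMQP" \
    -e amqp_vhost="/" \
    -e amqp_user="${ELK_AMQP_USER:-guest}" \
    -e amqp_passwd="${ELK_AMQP_PASSWD:-guest}" \
    -e CONFIG_RELOAD_AUTOMATIC=true \
    -e IP_ELK_E="$IP_ELK_E" \
    --add-host="elasticsearch:$IP_ELK_E" \
    -v "$(pwd)/${n}.conf.d/pipeline/:/usr/share/logstash/pipeline/" \
    "docker.elastic.co/logstash/logstash:$ELK_version"

  cat << EOL
Doc: https://www.elastic.co/guide/en/logstash/current/_pulling_the_image.html
Check Status: http://$IP_ELK_L:9600/_node/?pretty
EOL
}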
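#######################################
# (Re)create a Kibana container named after this function.
# Globals:   ELK_version (read) - image tag
#            IP_ELK_E (read)    - address mapped to the "elasticsearch" host
#            IP_ELK_K (read)    - only used in the printed help text; it is not
#            set anywhere in this file, so presumably the caller provides it
# Arguments: none
# Outputs:   help text with documentation and login URLs on stdout
# Side effects: stops and removes any existing container of the same name
#######################################
ELK_kibana() {
  # local: the file is sourced, so a bare assignment would overwrite n in the
  # caller's shell.
  local n=${FUNCNAME[0]}

  # Best effort: both commands just report an error when no such container
  # exists yet.
  docker stop "$n"
  docker rm "$n"

  # --net host shares the host's network namespace, so the UI listens directly
  # on the host rather than behind a published port.
  # NOTE(review): the login URL below is plain http; confirm port 5601 is not
  # reachable from untrusted networks.
  docker run --name "$n" \
    --net host \
    -d --restart unless-stopped \
    --add-host="elasticsearch:$IP_ELK_E" \
    "docker.elastic.co/kibana/kibana:$ELK_version"

  cat << EOL
Doc: https://www.elastic.co/guide/en/kibana/current/index.html
Login: http://$IP_ELK_K:5601
EOL
}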
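#######################################
# (Re)create a Packetbeat container named after this function.
# Globals:   ELK_version (read) - image tag
#            IP_ELK_E (read)    - address mapped to the "elasticsearch" host
# Arguments: none
# Outputs:   help text with documentation links and the dashboard import
#            command on stdout
# Side effects: stops and removes any existing container of the same name;
#            mounts ./ELK_packetbeat.conf.d/packetbeat.yml from the cwd
#######################################
ELK_packetbeat() {
  # local: the file is sourced, so a bare assignment would overwrite n in the
  # caller's shell.
  local n=${FUNCNAME[0]}

  # Best effort: both commands just report an error when no such container
  # exists yet.
  docker stop "$n"
  docker rm "$n"

  # NOTE(review): --privileged grants the container every capability plus
  # device access, which makes --cap-add=NET_ADMIN redundant and is far more
  # than packet capture on the host network needs. It is kept to preserve
  # behaviour; check whether capture still works with only the capability and
  # drop --privileged if it does.
  # The bind-mount argument is quoted so a working directory containing spaces
  # is passed as one argument.
  docker run --name "$n" \
    --net host \
    -d --restart unless-stopped \
    --cap-add=NET_ADMIN \
    --privileged \
    --add-host="elasticsearch:$IP_ELK_E" \
    -v "$(pwd)/ELK_packetbeat.conf.d/packetbeat.yml:/usr/share/packetbeat/packetbeat.yml" \
    "docker.elastic.co/beats/packetbeat:$ELK_version"

  # NOTE(review): the printed import command carries the stock elastic/changeme
  # login on its command line; adjust it once the password has been changed.
  cat << EOL
exporting data to elasticsearch: $IP_ELK_E
Doc: https://www.elastic.co/guide/en/beats/packetbeat/current/index.html
Sample dashboard: https://www.elastic.co/guide/en/beats/packetbeat/current/packetbeat-sample-dashboards.html
docker exec -it $n ./scripts/import_dashboards -user elastic -pass changeme
EOL
}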