iT邦幫忙

ELK: From Getting Started to the Grave, Notes 01


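What is ELK?

ELK refers to a log analysis system built from three open-source projects: Elasticsearch, Logstash and Kibana. The system collects, stores, searches and analyzes large volumes of log data and presents it as visual charts, helping users monitor, troubleshoot and analyze applications and infrastructure.
What each component does:

  • Elasticsearch (E): a distributed search and analytics engine, the core of ELK, used to store and quickly search large amounts of structured or unstructured data.
  • Logstash (L): a server-side data processing pipeline that collects, filters and transforms data from multiple sources, then sends the processed data to Elasticsearch.
  • Kibana (K): a data analysis and visualization platform that gives users a graphical interface to query and analyze the data stored in Elasticsearch and presents it as charts (such as bar, pie and line charts) and dashboards. (Google AI summary)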

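Why is ELK needed?

Because the project requires log monitoring.

ELK installation steps:

1. Use VS Code to edit the docker-compose.yml in the GitHub repository that is linked to Portainer

  • In docker-compose.yml, enter:
  # The entries below go under the file's top-level `services:` key;
  # the elk_net network must also be declared under the top-level `networks:` key.
  # ======= ELASTICSEARCH (the official distributed search and analytics engine) ========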
  elasticsearch:
    container_name: elasticsearch
    image: docker.elastic.co/elasticsearch/elasticsearch:8.12.2
    environment:
      - discovery.type=single-node
      - xpack.security.enabled=true

      - xpack.security.transport.ssl.enabled=true
      - xpack.security.transport.ssl.certificate_authorities=/usr/share/elasticsearch/config/certs/ca/ca.crt
      - xpack.security.transport.ssl.certificate=/usr/share/elasticsearch/config/certs/elasticsearch/elasticsearch.crt
      - xpack.security.transport.ssl.key=/usr/share/elasticsearch/config/certs/elasticsearch/elasticsearch.key

      - xpack.security.http.ssl.enabled=true
      - xpack.security.http.ssl.certificate_authorities=/usr/share/elasticsearch/config/certs/ca/ca.crt
      - xpack.security.http.ssl.certificate=/usr/share/elasticsearch/config/certs/elasticsearch/elasticsearch.crt
      - xpack.security.http.ssl.key=/usr/share/elasticsearch/config/certs/elasticsearch/elasticsearch.key

      - ES_JAVA_OPTS=-Xms512m -Xmx512m
    volumes:
      - /opt/elk/certs:/usr/share/elasticsearch/config/certs:ro
      - /opt/elk/elasticsearch/elasticsearch:/usr/share/elasticsearch/data
    ports:
      - "9200:9200"
    networks:
      - elk_net
  # ======= LOGSTASH (lightweight server-side data processing pipeline) ========
  logstash:
    container_name: logstash
    image: docker.elastic.co/logstash/logstash:8.12.2
    environment:
      - xpack.monitoring.enabled=true
      - xpack.monitoring.elasticsearch.hosts=[""]
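      # Unquoted: in the list form of `environment`, quotes become part of the value.
      # The other services read the CA at certs/ca/ca.crt under this same mount, so confirm this path.
      - xpack.monitoring.elasticsearch.ssl.certificate_authority=/usr/share/logstash/config/certs/ca.crt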
      - xpack.monitoring.elasticsearch.username=""
      - xpack.monitoring.elasticsearch.password=""
    volumes:
      - /opt/elk/logstash:/usr/share/logstash/pipeline:ro
      - /opt/elk/certs:/usr/share/logstash/config/certs:ro
    depends_on:
      - elasticsearch
    ports:
      - "5044:5044"
    networks:
      - elk_net
  # ======= KIBANA ========
  kibana:
    container_name: kibana
    image: docker.elastic.co/kibana/kibana:8.12.2
    environment:
      - ELASTICSEARCH_HOSTS=""
      - ELASTICSEARCH_SSL_CERTIFICATEAUTHORITIES=/usr/share/kibana/config/certs/ca/ca.crt
      - ELASTICSEARCH_USERNAME=""
      - ELASTICSEARCH_PASSWORD=""
      - xpack.security.enabled=true
      - SERVER_BASEPATH=/kibana
      - SERVER_REWRITEBASEPATH=true
      - SERVER_PUBLICBASEURL=""
    volumes:
      - /opt/elk/certs:/usr/share/kibana/config/certs:ro
      - /opt/elk/kibana/kibana.yml:/usr/share/kibana/config/kibana.yml:ro
    depends_on:
      - elasticsearch
    ports:
      - "5601:5601"
    networks:
      - elk_net
  # ======= filebeat (lightweight log shipper) =======
  filebeat:
    container_name: filebeat
    image: docker.elastic.co/beats/filebeat:8.12.2
    user: root
    depends_on:
      - logstash
    volumes:
      - /var/run/docker.sock:/var/run/docker.sock:ro
      - /var/lib/docker/containers:/var/lib/docker/containers:ro
      - /opt/elk/filebeat/filebeat.yml:/usr/share/filebeat/filebeat.yml:ro
      - /opt/elk/filebeat/filebeat:/usr/share/filebeat/data
      - /opt/elk/certs:/usr/share/filebeat/config/certs:ro
    networks:
      - elk_net

Note: (https://github.com/elastic/elasticsearch)
Note: (https://github.com/elastic/logstash)
Note: (https://github.com/elastic/kibana)

  • Push docker-compose.yml to the GitHub repository

2. Open the Portainer admin console

  • Click "Stacks" -> "Stack Name" -> "Pull and redeploy" -> check "Re-pull image and redeploy" -> "Update"
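
Because this docker-compose.yml is pushed to a GitHub repository before Portainer redeploys it, a check like the one below can be run before the push to flag credentials written as literals and ports published without a host IP. This is an added example, not part of the original post; the function name `audit_compose`, the sample fragment and the `${LOGSTASH_MONITORING_PASSWORD}` variable name are assumptions.

```python
import re

# Added example. Assumes the list style used in the compose file above
# (`- KEY=value`, `- "9200:9200"`) with service names indented two spaces.
SECRET_KEY = re.compile(r"PASSWORD|SECRET|TOKEN|API_?KEY", re.I)
ENV_ITEM = re.compile(r"^\s*-\s*([A-Za-z0-9_.]+)=(.*)$")
PORT_ITEM = re.compile(r"^\s*-\s*[\"']?(\d+):(\d+)[\"']?\s*$")
SERVICE = re.compile(r"^  ([A-Za-z0-9_-]+):\s*$")
VAR_REF = re.compile(r"\$\{[A-Za-z_][A-Za-z0-9_]*\}")


def audit_compose(text):
    """Return (line_no, service, message) findings for a compose file."""
    findings, service = [], None
    for no, line in enumerate(text.splitlines(), 1):
        if line.lstrip().startswith("#"):
            continue
        if m := SERVICE.match(line):
            service = m.group(1)
        elif m := ENV_ITEM.match(line):
            key, value = m.group(1), m.group(2).strip().strip("\"'")
            # An empty value or a ${VAR} reference keeps the secret out of git.
            if SECRET_KEY.search(key) and value and not VAR_REF.fullmatch(value):
                findings.append((no, service, f"literal secret in {key}"))
        elif m := PORT_ITEM.match(line):
            # "HOST:CONTAINER" with no host IP binds every interface by default.
            findings.append((no, service, f"port {m.group(1)} published without a host IP"))
    return findings


# Constructed sample, not the author's real values.
SAMPLE = """\
  kibana:
    environment:
      - ELASTICSEARCH_USERNAME=kibana_system
      - ELASTICSEARCH_PASSWORD=example-not-a-real-password
    ports:
      - "5601:5601"
  logstash:
    environment:
      - xpack.monitoring.elasticsearch.password=${LOGSTASH_MONITORING_PASSWORD}
    ports:
      - "127.0.0.1:5044:5044"
"""

if __name__ == "__main__":
    for no, service, message in audit_compose(SAMPLE):
        print(f"line {no}: [{service}] {message}")
```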
