elasticsearch 如何运行需要Elasticsearch验证的beat容器,elasticsearch,docker-compose,elastic-stack,filebeat,elasticsearch,Docker Compose,Elastic Stack,Filebeat" /> elasticsearch 如何运行需要Elasticsearch验证的beat容器,elasticsearch,docker-compose,elastic-stack,filebeat,elasticsearch,Docker Compose,Elastic Stack,Filebeat" />
Fatal编程技术网
  • elasticsearch/
  • elasticsearch 如何运行需要Elasticsearch验证的beat容器

elasticsearch 如何运行需要Elasticsearch验证的beat容器

docker-compose

elasticsearch 如何运行需要Elasticsearch验证的beat容器,elasticsearch,docker-compose,elastic-stack,filebeat,elasticsearch,Docker Compose,Elastic Stack,Filebeat,主要用途:我想使用Logstash收集依赖于远程服务器的日志文件 我的麋鹿堆栈是使用docker-compose.yml创建的 version: '3.3' services: elasticsearch: image: docker.elastic.co/elasticsearch/elasticsearch:7.5.1 ports: - "9200:9200" - "9300:9300" volume

主要用途:我想使用Logstash收集依赖于远程服务器的日志文件

我的麋鹿堆栈是使用docker-compose.yml创建的

version: '3.3'
services:
  elasticsearch:
    image: docker.elastic.co/elasticsearch/elasticsearch:7.5.1
    ports:
      - "9200:9200"
      - "9300:9300"
    volumes:
      - '/share/elk/elasticsearch/config/elasticsearch.yml:/usr/share/elasticsearch/config/elasticsearch.yml:ro'
    environment:
      ES_JAVA_OPTS: "-Xmx512m -Xms256m"
      ELASTIC_PASSWORD: changeme
      discovery.type: single-node
    networks:
      - elk
    deploy:
      mode: replicated
      replicas: 1
  logstash:
    image: docker.elastic.co/logstash/logstash:7.5.1
    ports:
      - "5000:5000"
      - "9600:9600"
    volumes:
      - '/share/elk/logstash/config/logstash.yml:/usr/share/logstash/config/logstash.yml:ro'
      - '/share/elk/logstash/pipeline/logstash.conf:/usr/share/logstash/pipeline/logstash.conf:ro'
    environment:
      LS_JAVA_OPTS: "-Xmx512m -Xms256m"
    networks:
      - elk
    deploy:
      mode: replicated
      replicas: 1
      
  kibana:
    image: docker.elastic.co/kibana/kibana:7.5.1
    ports:
      - "5601:5601"
    volumes:
      - '/share/elk/kibana/config/kibana.yml:/usr/share/kibana/config/kibana.yml:ro'
    networks:
      - elk
    deploy:
      mode: replicated
      replicas: 1

networks:
  elk:
    driver: overlay
然后我想在目标主机上安装一个filebeat,以便向ELK主机发送日志

docker run docker.elastic.co/beats/filebeat-oss:7.5.1 setup \
-E setup.kibana.host=x.x.x.x:5601  \
-E ELASTIC_PASSWORD="changeme" \
-E output.elasticsearch.hosts=["x.x.x.x:9200"]
但一旦按下回车键,就会出现错误

Exiting: Couldn't connect to any of the configured Elasticsearch hosts. Errors: [Error connection to Elasticsearch http://x.x.x.x:9200: 401 Unauthorized: {"error":{"root_cause":[{"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}}],"type":"security_exception","reason":"missing authentication credentials for REST request [/]","header":{"WWW-Authenticate":"Basic realm=\"security\" charset=\"UTF-8\""}},"status":401}]
还尝试了
-E ELASTICS\u USERNAME=“elastic”
错误仍然存在

您应该禁用基本的x-pack安全性,默认情况下,该安全性在Elasticsearch 7.x版本的ES docker image环境变量下启用,如下所述,并启动ES docker容器

xpack.security.enabled : false
在此之后,无需通过
ES
creds,您也可以从ES环境中删除以下内容。变量:

ELASTIC_PASSWORD: changeme
另一个问题:问题401已经解决了,但我仍然不能把容器提出来,它说。。。索引设置已完成。加载仪表板(Kibana必须运行且可访问)加载的仪表板退出:1错误:为apache_ecs设置ML时出错:无法使用前缀设置ML:filebeat-apache_ecs-access--@BTH.S3这是您在问题中提出的完全无关的问题,我建议您进行投票,接受我的回答,并提出一个包含相关信息的新问题,以便对社区更有用,接触更多用户。我将更新标签,并尝试添加我对您的新问题的评论:)