Kubernetes compose orchestra for EFK:ElasticSech(With Curator、ElastAlert)、Fluentd、Kibana
kubectl label nodes your-desired-node efk-node=truecp -a .env.example .envand update it (avoid the # char)./deploy- 创建
ES索引- 创建日志存储的索引(要求使用
@timestamp字段存储时间) - 进入
elastalert容器中执行命令python /opt/elastalert/elastalert/create_index.py创建elastalert的状态存储索引
- 创建日志存储的索引(要求使用
Kibana配置- 目标检索的
index pattern:php.error-*、application.error-*
- 目标检索的
- https://github.com/giantswarm/kubernetes-elastic-stack
- https://github.com/elastic/examples/tree/master/Miscellaneous/docker/full_stack_example
- https://github.com/kubernetes/kubernetes/tree/master/cluster/addons/fluentd-elasticsearch
- https://github.com/kayrus/elk-kubernetes
- https://github.com/kubernetes/charts/tree/master/stable/elastalert
- https://github.com/fluent/fluentd-kubernetes-daemonset