【Docker】FluentdでとElasticsearchとRe:dashでログ管理

{ "type": "chatlog", "name": "hoge1", "text": "hoge1" }
{ "type": "chatlog", "name": "hoge2", "text": "hoge2" }
{ "type": "chatlog", "name": "hoge3", "text": "hoge3" }
{ "type": "chatlog", "name": "hoge4", "text": "hoge4" }
{ "type": "chatlog", "name": "hoge5", "text": "hoge5" }

$ mkdir ~/workspace
$ cd ~/workspace

$ mkdir fluentd
$ cd fluentd
$ mkdir plugins
$ vi Dockerfile
$ vi fluent.conf

FROM fluent/fluentd:latest-onbuild

USER fluent

WORKDIR /home/fluent
ENV PATH /home/fluent/.gem/ruby/2.3.0/bin:$PATH
RUN gem install fluent-plugin-secure-forward
RUN gem install fluent-plugin-elasticsearch

EXPOSE 24284

CMD fluentd -c /fluentd/etc/fluent.conf -p /fluentd/plugins -vv

<source>
  type tail
  path /var/log/hoge/[log file] # 収集するログファイル名を指定
  tag json.hoge
  pos_file /var/log/hoge/[log file].pos # 収集するログファイル名を指定
  format json
</source>

<match json.**>
  type copy

  <store>
    type stdout
  </store>

  <store>
    type elasticsearch
    host localhost   # elasticsearchのホスト
    port 9200        # elasticsearchのポート
    logstash_format true
  </store>
</match>

$ mkdir elasticsearch
$ cd elasticsearch
$ vi Dockerfile

FROM elasticsearch

RUN bin/plugin install mobz/elasticsearch-head

EXPOSE 9200

CMD ["bin/elasticsearch", "-Des.insecure.allow.root=true"]

$ cd ~/workspace
$ vi docker-compose.yml

elasticsearch:
  build: elasticsearch
  ports:
    - 9200:9200
fluentd:
  build: fluentd
  ports:
    - 24284:24284
  volumes:
    - [log folder]:/var/log/hoge # 収集するログフォルダを指定

$ docker-compose up

http://[IP]:9200/_plugin/head/

http://[IP]:9200