1.拉取镜像，docker pull logstash:8.4.3

2.启动服务，docker run -d --name logstash --network elastic -p 9600:9600 -p 5044:5044 --restart always logstash:8.4.3

3.本地文件映射，docker cp logstash:/usr/share/logstash/config /d/code/elk/logstash
   docker cp logstash:/usr/share/logstash/pipeline /d/code/elk/logstash

4.拷贝证书，cp /d/code/elk/elasticsearch/config/certs /d/code/elk/logstash/config/certs -r

5.修改logstash.yml文件，vi /d/code/elk/logstash/config/logstash.yml，追加elasticsearch相关认证信息

6.修改logstash.conf文件，vi /d/code/elk/logstash/pipeline/logstash.conf，追加输出源elasticsearch相关信息，包括hosts、index、用户名、密码、证书等

7.重启服务，power shell执行，docker run -it -d --name logstash -p 9600:9600 -p 5044:5044 --net elastic -v d:\code\elk\logstash\config:/usr/share/logstash/config -v d:\code\elk\logstash\pipeline:/usr/share/logstash/pipeline -v d:\code\elk\logstash\datasource\demo:/usr/share/logstash/data/demo logstash:8.4.3