6. Setting Up ELK Stack - AgileBitFlipper/triominos GitHub Wiki
Docker and OS X
I'm using Docker on my iMac to run the 'sebp/elk' image. This works well, so if you are going to be working on an iMac, install Docker, pull the 'sebp/elk' image, start it, pop into the container, and get to work running the triominos application and digesting the data.
If you are working on a MacBook Pro, you need to be careful as to which model year you are working with. My MacBook Pro 2017 runs Docker just fine, but my MacBook Pro Mid 2009 won't. It required me to install the Docker Toolkit, which uses VirtualBox as the boot2docker host. This requires us to do a little bit of tinkering with the Linux VirtualBox VM running boot2docker. In this case, I had to modify the default max_map_count value to 262144, the minimum needed for us to run the 'sebp/elk' container.
Load the VirtualBox application and open the console. This is the boot2docker host that is going to run (or is already running) our 'sebp/elk' container. In the console for the host (remember, I'm not talking about the OS X terminal, but the Oracle VM VirtualBox console), we need to modify the '/etc/sysctl.conf' file to set the 'vm.max_map_count' value to 262144.
sudo sysctl -w vm.max_map_count=262144
Now that the value is modified, let's reload the configuration changes in the VirtualBox console using
sysctl --system
Finally, after you see the new values loaded, you can restart the 'sebp/elk' container with the command
docker restart elk
The elk container should be up and running, and now we can get back to work getting logstash to consume our text logs.
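A preflight check for the setting above, as an added example that is not part of the original wiki: it reports whether vm.max_map_count meets the 262144 minimum at runtime and whether a sysctl.conf-style file also carries it, since a value set only with `sysctl -w` does not survive a reboot of the host. The function names and the choice to inspect a single file are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the wiki): check the vm.max_map_count requirement
# before starting the 'sebp/elk' container. Function names are hypothetical.
ES_MIN_MAP_COUNT=262144   # minimum stated on this page for 'sebp/elk'

# Print the last numeric vm.max_map_count assignment in a sysctl.conf-style
# file, or nothing if the key is absent or the file is unreadable.
# Comment lines (starting with # or ;) are ignored; "key = value" is accepted.
persisted_map_count() {
    [ -r "$1" ] || return 0
    awk -F= '
        /^[ \t]*[#;]/ { next }
        {
            key = $1; gsub(/[ \t]/, "", key)
            val = $2; gsub(/[ \t]/, "", val)
            if (key == "vm.max_map_count" && val ~ /^[0-9]+$/) last = val
        }
        END { if (last != "") print last }
    ' "$1"
}

# Classify the host state from the runtime value ($1) and a config file ($2):
#   too-low       runtime value is below the minimum; Elasticsearch will not start
#   runtime-only  runtime value is fine but the file does not persist it
#   ok            runtime value and persisted value both meet the minimum
check_map_count() {
    runtime=$1
    persisted=$(persisted_map_count "$2")
    if [ "$runtime" -lt "$ES_MIN_MAP_COUNT" ]; then
        echo too-low
    elif [ -z "$persisted" ] || [ "$persisted" -lt "$ES_MIN_MAP_COUNT" ]; then
        echo runtime-only
    else
        echo ok
    fi
}

# Live check on a Linux host (for this page, the boot2docker console).
if [ -r /proc/sys/vm/max_map_count ]; then
    check_map_count "$(cat /proc/sys/vm/max_map_count)" /etc/sysctl.conf
fi
```

A result of `runtime-only` means the container will start now but the setting has to be applied again after the host restarts.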
Running 'triominos'
To run the application, we need to share a folder with the container. This allows us to copy all the files we need to a common folder, in this case ~/workspace/elk, and allows the VM to access those files. We copy over triominos.jar, logstash-triominos.conf, and any other file needed for our execution. You can run the 'triominos' application using the command line
java -jar triominos.jar -g 100
This will play triominos 100 times, logging the data to the logs directory. From there, you can process the POJO Event files using the following command line
java -jar triominos.jar -a
This command will run through each of the POJO Event files and convert them to both JSON and TXT files. These TXT files are the ones processed by the logstash-triominos.conf file, shoving the data into Elasticsearch so it can be viewed by Kibana.