This tutorial will guide the reader through the process of defining an ingestion spec, pointing out key considerations and guidelines.
For this tutorial, we'll assume you've already downloaded Druid as described in
the [single-machine quickstart](index.html) and have it running on your local machine.
It will also be helpful to have finished [Tutorial: Loading a file](/docs/VERSION/tutorials/tutorial-batch.html), [Tutorial: Querying data](/docs/VERSION/tutorials/tutorial-query.html), and [Tutorial: Rollup](/docs/VERSION/tutorials/tutorial-rollup.html).
Save the JSON contents above into a file called `ingestion-tutorial-data.json` in `quickstart/`.
Let's walk through the process of defining an ingestion spec that can load this data.
For this tutorial, we will be using the native batch indexing task. When using other task types, some aspects of the ingestion spec will differ, and this tutorial will point out such areas.
## Defining the schema
The core element of a Druid ingestion spec is the `dataSchema`. The `dataSchema` defines how to parse input data into a set of columns that will be stored in Druid.
Let's start with an empty `dataSchema` and add fields to it as we progress through the tutorial.
Create a new file called `ingestion-tutorial-index.json` in `quickstart/` with the following contents:
```json
"dataSchema" : {}
```
We will be making successive edits to this ingestion spec as we progress through the tutorial.
### Datasource name
The datasource name is specified by the `dataSource` parameter in the `dataSchema`.
```json
"dataSchema" : {
"dataSource" : "ingestion-tutorial",
}
```
Let's call the tutorial datasource `ingestion-tutorial`.
### Choose a parser
A `dataSchema` has a `parser` field, which defines the parser that Druid will use to interpret the input data.
Since our input data is represented as JSON strings, we'll use a `string` parser with `json` format:
The `parser` needs to know how to extract the main timestamp field from the input data. When using a `json` type `parseSpec`, the timestamp is defined in a `timestampSpec`.
The timestamp column in our input data is named "ts", containing ISO 8601 timestamps, so let's add a `timestampSpec` with that information to the `parseSpec`:
Now that we've defined the time column, let's look at definitions for other columns.
Druid supports the following column types: String, Long, Float, Double. We will see how these are used in the following sections.
Before we move on to how we define our other non-time columns, let's discuss `rollup` first.
### Rollup
When ingesting data, we must consider whether we wish to use rollup or not.
* If rollup is enabled, we will need to separate the input columns into two categories, "dimensions" and "metrics". "Dimensions" are the grouping columns for rollup, while "metrics" are the columns that will be aggregated.
* If rollup is disabled, then all columns are treated as "dimensions" and no pre-aggregation occurs.
For this tutorial, let's enable rollup. This is specified with a `granularitySpec` on the `dataSchema`.
Note that the `granularitySpec` lies outside of the `parser`. We will revist the `parser` soon when we define our dimensions and metrics.
The dimensions here are a group of properties that identify a unidirectional flow of IP traffic, while the metrics represent facts about the IP traffic flow specified by a dimension grouping.
Let's look at how to define these dimensions and metrics within the ingestion spec.
#### Dimensions
Dimensions are specified with a `dimensionsSpec` inside the `parseSpec`.
Each dimension has a `name` and a `type`, where `type` can be "long", "float", "double", or "string".
Note that `srcIP` is a "string" dimension; for string dimensions, it is enough to specify just a dimension name, since "string" is the default dimension type.
Also note that `protocol` is a numeric value in the input data, but we are ingesting it as a "string" column; Druid will coerce the input longs to strings during ingestion.
##### Strings vs. Numerics
Should a numeric input be ingested as a numeric dimension or as a string dimension?
Numeric dimensions have the following pros/cons relative to String dimensions:
* Pros: Numeric representation can result in smaller column sizes on disk and lower processing overhead when reading values from the column
* Cons: Numeric dimensions do not have indices, so filtering on them will often be slower than filtering on an equivalent String dimension (which has bitmap indices)
#### Metrics
Metrics are specified with a `metricsSpec` inside the `dataSchema`:
When defining a metric, it is necessary to specify what type of aggregation should be performed on that column during rollup.
Here we have defined long sum aggregations on the two long metric columns, `packets` and `bytes`, and a double sum aggregation for the `cost` column.
Note that the `metricsSpec` is on a different nesting level than `dimensionSpec` or `parseSpec`; it belongs on the same nesting level as `parser` within the `dataSchema`.
Note that we have also defined a `count` aggregator. The count aggregator will track how many rows in the original input data contributed to a "rolled up" row in the final ingested data.
### No rollup
If we were not using rollup, all columns would be specified in the `dimensionsSpec`, e.g.:
At this point, we are done defining the `parser` and `metricsSpec` within the `dataSchema` and we are almost done writing the ingestion spec.
There are some additional properties we need to set in the `granularitySpec`:
* Type of granularitySpec: `uniform` and `arbitrary` are the two supported types. For this tutorial, we will use a `uniform` granularity spec, where all segments have uniform interval sizes (for example, all segments cover an hour's worth of data).
* The segment granularity: what size of time interval should a single segment contain data for? e.g., `DAY`, `WEEK`
* The bucketing granularity of the timestamps in the time column (referred to as `queryGranularity`)
#### Segment granularity
Segment granularity is configured by the `segmentGranularity` property in the `granularitySpec`. For this tutorial, we'll create hourly segments:
We've now finished defining our `dataSchema`. The remaining steps are to place the `dataSchema` we created into an ingestion task spec, and specify the input source.
The `dataSchema` is shared across all task types, but each task type has its own specification format. For this tutorial, we will use the native batch ingestion task:
Now let's define our input source, which is specified in an `ioConfig` object. Each task type has its own type of `ioConfig`. The native batch task uses "firehoses" to read input data, so let's configure a "local" firehose to read the example netflow data we saved earlier: