mirror of https://github.com/apache/druid.git
1110 lines
58 KiB
TeX
1110 lines
58 KiB
TeX
\documentclass{acm_proc_article-sp}
|
||
\usepackage{graphicx}
|
||
\usepackage{balance}
|
||
\usepackage{fontspec}
|
||
\setmainfont[Ligatures={TeX}]{Times}
|
||
\usepackage{hyperref}
|
||
\graphicspath{{figures/}}
|
||
\usepackage{enumitem}
|
||
|
||
\hyphenation{metamarkets nelson}
|
||
|
||
\begin{document}
|
||
|
||
% ****************** TITLE ****************************************
|
||
|
||
\title{Druid: A Real-time Analytical Data Store}
|
||
|
||
% ****************** AUTHORS **************************************
|
||
|
||
\numberofauthors{6}
|
||
\author{
|
||
\alignauthor Fangjin Yang, Eric Tschetter, Xavier Léauté, Nelson Ray, Gian Merlino, Deep Ganguli\\
|
||
\email{\{fangjin, cheddar, xavier, nelson, gian, deep\}@metamarkets.com}
|
||
}
|
||
\date{21 March 2013}
|
||
|
||
\maketitle
|
||
|
||
\begin{abstract}
|
||
Druid is an open
|
||
source\footnote{\href{https://github.com/metamx/druid}{https://github.com/metamx/druid}}
|
||
data store designed for real-time exploratory analytics on large data sets.
|
||
The system combines a column-oriented storage layout, a distributed,
|
||
shared-nothing architecture, and an advanced indexing structure to allow for
|
||
the arbitrary exploration of billion-row tables with sub-second latencies. In
|
||
this paper, we describe Druid's architecture, and detail how it supports fast
|
||
aggregations, flexible filters, and low latency data ingestion.
|
||
\end{abstract}
|
||
|
||
\section{Introduction}
|
||
In recent years, the proliferation of internet technology has
|
||
created a surge in machine-generated events. Individually, these
|
||
events contain minimal useful information and are of low value. Given the
|
||
time and resources required to extract meaning from large collections of
|
||
events, many companies were willing to discard this data instead. Although
|
||
infrastructure has been built to handle event based data (e.g. IBM's
|
||
Netezza\cite{singh2011introduction}, HP's Vertica\cite{bear2012vertica}, and EMC's
|
||
Greenplum\cite{miner2012unified}), they are largely sold at high price points
|
||
and are only targeted towards those companies who can afford the offering.
|
||
|
||
A few years ago, Google introduced MapReduce \cite{dean2008mapreduce} as their
|
||
mechanism of leveraging commodity hardware to index the internet and analyze
|
||
logs. The Hadoop \cite{shvachko2010hadoop} project soon followed and was
|
||
largely patterned after the insights that came out of the original MapReduce
|
||
paper. Hadoop is currently deployed in many organizations to store and analyze
|
||
large amounts of log data. Hadoop has contributed much to helping companies
|
||
convert their low-value event streams into high-value aggregates for a variety
|
||
of applications such as business intelligence and A-B testing.
|
||
|
||
As with a lot of great systems, Hadoop has opened our eyes to a new space of
|
||
problems. Specifically, Hadoop excels at storing and providing access to large
|
||
amounts of data, however, it does not make any performance guarantees around
|
||
how quickly that data can be accessed. Furthermore, although Hadoop is a
|
||
highly available system, performance degrades under heavy concurrent load.
|
||
Lastly, while Hadoop works well for storing data, it is not optimized for
|
||
ingesting data and making that data immediately readable.
|
||
|
||
Early on in the development of the Metamarkets product, we ran into each of
|
||
these issues and came to the realization that Hadoop is a great back-office,
|
||
batch processing, and data warehousing system. However, as a company that has
|
||
product-level guarantees around query performance and data availability in a
|
||
highly concurrent environment (1000+ users), Hadoop wasn't going to meet our
|
||
needs. We explored different solutions in the space, and after
|
||
trying both Relational Database Management Systems and NoSQL architectures, we
|
||
came to the conclusion that there was nothing in the open source world that
|
||
could be fully leveraged for our requirements.
|
||
|
||
We ended up creating Druid, an open-source, distributed, column-oriented,
|
||
realtime analytical data store. In many ways, Druid shares similarities with
|
||
other OLAP systems \cite{oehler2012ibm, schrader2009oracle, lachev2005applied},
|
||
interactive query systems \cite{melnik2010dremel}, main-memory databases
|
||
\cite{farber2012sap}, and widely-known distributed data stores
|
||
\cite{chang2008bigtable, decandia2007dynamo, lakshman2010cassandra}. The
|
||
distribution and query model also borrow ideas from current generation search
|
||
infrastructure \cite{linkedin2013senseidb, apache2013solr,
|
||
banon2013elasticsearch}.
|
||
|
||
This paper describes the architecture of Druid, explores the various design
|
||
decisions made in creating an always-on production system that powers a hosted
|
||
service, and attempts to help inform anyone who faces a similar problem about a
|
||
potential method of solving it. Druid is deployed in production at several
|
||
technology
|
||
companies\footnote{\href{http://druid.io/druid.html}{http://druid.io/druid.html}}.
|
||
|
||
The structure of the paper is as follows: we first describe the problem in
|
||
Section \ref{sec:problem-definition}. Next, we detail system architecture from
|
||
the point of view of how data flows through the system in Section
|
||
\ref{sec:architecture}. We then discuss how and why data gets converted into a
|
||
binary format in Section \ref{sec:storage-format}. We briefly describe the
|
||
query API in Section \ref{sec:query-api} and present performance results
|
||
in Section \ref{sec:benchmarks}. Lastly, we leave off with our lessons from
|
||
running Druid in production in Section \ref{sec:production}, and related work
|
||
in Section \ref{sec:related}.
|
||
|
||
\section{Problem Definition}
|
||
\label{sec:problem-definition}
|
||
|
||
Druid was originally designed to solve problems around ingesting and exploring
|
||
large quantities of transactional events (log data). This form of timeseries
|
||
data is commonly found in OLAP workflows and the nature of the data tends to be
|
||
very append heavy. For example, consider the data shown in
|
||
Table~\ref{tab:sample_data}. Table~\ref{tab:sample_data} contains data for
|
||
edits that have occurred on Wikipedia. Each time a user edits a page in
|
||
Wikipedia, an event is generated that contains metadata about the edit. This
|
||
metadata is comprised of 3 distinct components. First, there is a timestamp
|
||
column indicating when the edit was made. Next, there are a set dimension
|
||
columns indicating various attributes about the edit such as the page that was
|
||
edited, the user who made the edit, and the location of the user. Finally,
|
||
there are a set of metric columns that contain values (usually numeric) that
|
||
can be aggregated, such as the number of characters added or removed in an
|
||
edit.
|
||
|
||
\begin{table*}
|
||
\centering
|
||
\label{tab:sample_data}
|
||
\begin{tabular}{| l | l | l | l | l | l | l | l |}
|
||
\hline
|
||
\textbf{Timestamp} & \textbf{Page} & \textbf{Username} & \textbf{Gender} & \textbf{City} & \textbf{Characters Added} & \textbf{Characters Removed} \\ \hline
|
||
2011-01-01T01:00:00Z & Justin Bieber & Boxer & Male & San Francisco & 1800 & 25 \\ \hline
|
||
2011-01-01T01:00:00Z & Justin Bieber & Reach & Male & Waterloo & 2912 & 42 \\ \hline
|
||
2011-01-01T02:00:00Z & Ke\$ha & Helz & Male & Calgary & 1953 & 17 \\ \hline
|
||
2011-01-01T02:00:00Z & Ke\$ha & Xeno & Male & Taiyuan & 3194 & 170 \\ \hline
|
||
\end{tabular}
|
||
\caption{Sample Druid data for edits that have occurred on Wikipedia.}
|
||
\end{table*}
|
||
|
||
Our goal is to rapidly compute drill-downs and aggregates over this data. We
|
||
want to answer questions like “How many edits were made on the page Justin
|
||
Bieber from males in San Francisco?” and “What is the average number of
|
||
characters that were added by people from Calgary over the span of a month?”. We also
|
||
want queries over any arbitrary combination of dimensions to return with
|
||
sub-second latencies.
|
||
|
||
The need for Druid was facilitated by the fact that existing open source
|
||
Relational Database Management Systems (RDBMS) and NoSQL key/value stores were
|
||
unable to provide a low latency data ingestion and query platform for
|
||
interactive applications \cite{tschetter2011druid}. In the early days of
|
||
Metamarkets, we were focused on building a hosted dashboard that would allow
|
||
users to arbitrary explore and visualize event streams. The data store
|
||
powering the dashboard needed to return queries fast enough that the data
|
||
visualizations built on top of it could provide users with an interactive
|
||
experience.
|
||
|
||
In addition to the query latency needs, the system had to be multi-tenant and
|
||
highly available. The Metamarkets product is used in a highly concurrent
|
||
environment. Downtime is costly and many businesses cannot afford to wait if a
|
||
system is unavailable in the face of software upgrades or network failure.
|
||
Downtime for startups, who often lack proper internal operations management, can
|
||
determine business success or failure.
|
||
|
||
Finally, another key problem that Metamarkets faced in its early days was to
|
||
allow users and alerting systems to be able to make business decisions in
|
||
"real-time". The time from when an event is created to when that
|
||
event is queryable determines how fast users and systems are able to react to
|
||
potentially catastrophic occurrences in their systems. Popular open source data
|
||
warehousing systems such as Hadoop were unable to provide the sub-second data ingestion
|
||
latencies we required.
|
||
|
||
The problems of data exploration, ingestion, and availability span multiple
|
||
industries. Since Druid was open sourced in October 2012, it been deployed as a
|
||
video, network monitoring, operations monitoring, and online advertising
|
||
analytics platform in multiple companies.
|
||
|
||
\section{Architecture}
|
||
\label{sec:architecture}
|
||
A Druid cluster consists of different types of nodes and each node type is
|
||
designed to perform a specific set of things. We believe this design separates
|
||
concerns and simplifies the complexity of the system. The different node types
|
||
operate fairly independent of each other and there is minimal interaction
|
||
between them. Hence, intra-cluster communication failures have minimal impact
|
||
on data availability. To solve complex data analysis problems, the different
|
||
node types come together to form a fully working system. The name Druid comes
|
||
from the Druid class in many role-playing games: it is a shape-shifter, capable
|
||
of taking on many different forms to fulfill various different roles in a
|
||
group. The composition of and flow of data in a Druid cluster are shown in
|
||
Figure~\ref{fig:cluster}.
|
||
|
||
\begin{figure*}
|
||
\centering
|
||
\includegraphics[width = 4.5in]{cluster}
|
||
\caption{An overview of a Druid cluster and the flow of data through the cluster.}
|
||
\label{fig:cluster}
|
||
\end{figure*}
|
||
|
||
\newpage
|
||
\subsection{Real-time Nodes}
|
||
\label{sec:realtime}
|
||
Real-time nodes encapsulate the functionality to ingest and query event
|
||
streams. Events indexed via these nodes are immediately available for querying.
|
||
The nodes are only concerned with events for some small time range and
|
||
periodically hand off immutable batches of events they've collected over this
|
||
small time range to other nodes in the Druid cluster that are specialized in
|
||
dealing with batches of immutable events. Real-time nodes leverage Zookeeper
|
||
\cite{hunt2010zookeeper} for coordination with the rest of the Druid cluster.
|
||
The nodes announce their online state and the data they are serving in
|
||
Zookeeper.
|
||
|
||
Real-time nodes maintain an in-memory index buffer for all incoming events.
|
||
These indexes are incrementally populated as new events are ingested and the
|
||
indexes are also directly queryable. Druid behaves as a row store
|
||
for queries on events that exist in this JVM heap-based buffer. To avoid heap
|
||
overflow problems, real-time nodes persist their in-memory indexes to disk
|
||
either periodically or after some maximum row limit is reached. This persist
|
||
process converts data stored in the in-memory buffer to a column oriented
|
||
storage format described in Section \ref{sec:storage-format}. Each persisted
|
||
index is immutable and real-time nodes load persisted indexes into off-heap
|
||
memory such that they can still be queried. This process is described in detail
|
||
in \cite{o1996log} and is illustrated in Figure~\ref{fig:realtime_flow}.
|
||
|
||
\begin{figure}
|
||
\centering
|
||
\includegraphics[width = 2.6in]{realtime_flow}
|
||
\caption{Real-time nodes first buffer events in memory. On a periodic basis,
|
||
the in-memory index is persisted to disk. On another periodic basis, all
|
||
persisted indexes are merged together and handed off. Queries will hit the
|
||
in-memory index and the persisted indexes.}
|
||
\label{fig:realtime_flow}
|
||
\end{figure}
|
||
|
||
On a periodic basis, each real-time node will schedule a background task that
|
||
searches for all locally persisted indexes. The task merges these indexes
|
||
together and builds an immutable block of data that contains all the events
|
||
that have ingested by a real-time node for some span of time. We refer to this
|
||
block of data as a "segment". During the handoff stage, a real-time node
|
||
uploads this segment to a permanent backup storage, typically a distributed
|
||
file system such as S3 \cite{decandia2007dynamo} or HDFS
|
||
\cite{shvachko2010hadoop}, which Druid refers to as "deep storage". The ingest,
|
||
persist, merge, and handoff steps are fluid; there is no data loss during any
|
||
of the processes.
|
||
|
||
Figure~\ref{fig:realtime_timeline} illustrates the operations of a real-time
|
||
node. The node starts at 13:37 and will only accept events for the current hour
|
||
or the next hour. When events are ingested, the node announces that it is
|
||
serving a segment of data for an interval from 13:00 to 14:00. Every 10
|
||
minutes (the persist period is configurable), the node will flush and persist
|
||
its in-memory buffer to disk. Near the end of the hour, the node will likely
|
||
see events for 14:00 to 15:00. When this occurs, the node prepares to serve
|
||
data for the next hour and creates a new in-memory index. The node then
|
||
announces that it is also serving a segment from 14:00 to 15:00. The node does
|
||
not immediately merge persisted indexes from 13:00 to 14:00, instead it waits
|
||
for a configurable window period for straggling events from 13:00 to 14:00 to
|
||
arrive. This window period minimizes the risk of data loss from delays in event
|
||
delivery. At the end of the window period, the node merges all persisted
|
||
indexes from 13:00 to 14:00 into a single immutable segment and hands the
|
||
segment off. Once this segment is loaded and queryable somewhere else in the
|
||
Druid cluster, the real-time node flushes all information about the data it
|
||
collected for 13:00 to 14:00 and unannounces it is serving this data.
|
||
|
||
\begin{figure*}
|
||
\centering
|
||
\includegraphics[width = 4.5in]{realtime_timeline}
|
||
\caption{The node starts, ingests data, persists, and periodically hands data
|
||
off. This process repeats indefinitely. The time intervals between different
|
||
real-time node operations are configurable.}
|
||
\label{fig:realtime_timeline}
|
||
\end{figure*}
|
||
|
||
\subsubsection{Availability and Scalability}
|
||
Real-time nodes are a consumer of data and require a corresponding producer to
|
||
provide the data stream. Commonly, for data durability purposes, a message
|
||
bus such as Kafka \cite{kreps2011kafka} sits between the producer and the
|
||
real-time node as shown in Figure~\ref{fig:realtime_pipeline}. Real-time nodes
|
||
ingest data by reading events from the message bus. The time from event
|
||
creation to event consumption is ordinarily on the order of hundreds of
|
||
milliseconds.
|
||
|
||
\begin{figure}
|
||
\centering
|
||
\includegraphics[width = 2.8in]{realtime_pipeline}
|
||
\caption{Multiple real-time nodes can read from the same message bus. Each node maintains its own offset.}
|
||
\label{fig:realtime_pipeline}
|
||
\end{figure}
|
||
|
||
The purpose of the message bus in Figure~\ref{fig:realtime_pipeline} is
|
||
two-fold. First, the message bus acts as a buffer for incoming events. A
|
||
message bus such as Kafka maintains positional offsets indicating how far a
|
||
consumer (a real-time node) has read in an event stream. Consumers can
|
||
programmatically update these offsets. Real-time nodes update this offset each
|
||
time they persist their in-memory buffers to disk. In a fail and recover
|
||
scenario, if a node has not lost disk, it can reload all persisted indexes from
|
||
disk and continue reading events from the last offset it committed. Ingesting
|
||
events from a recently committed offset greatly reduces a node's recovery time.
|
||
In practice, we see nodes recover from such failure scenarios in a
|
||
few seconds.
|
||
|
||
The second purpose of the message bus is to act as a single endpoint from which
|
||
multiple real-time nodes can read events. Multiple real-time nodes can ingest
|
||
the same set of events from the bus, creating a replication of events. In a
|
||
scenario where a node completely fails and loses disk, replicated streams
|
||
ensure that no data is lost. A single ingestion endpoint also allows for data
|
||
streams for be partitioned such that multiple real-time nodes each ingest a
|
||
portion of a stream. This allows additional real-time nodes to be seamlessly
|
||
added. In practice, this model has allowed one of the largest production Druid
|
||
clusters to be able to consume raw data at approximately 500 MB/s (150,000
|
||
events/s or 2 TB/hour).
|
||
|
||
\subsection{Historical Nodes}
|
||
Historical nodes encapsulate the functionality to load and serve the immutable
|
||
blocks of data (segments) created by real-time nodes. In many real-world
|
||
workflows, most of the data loaded in a Druid cluster is immutable and hence,
|
||
historical nodes are typically the main workers of a Druid cluster. Historical
|
||
nodes follow a shared-nothing architecture and there is no single point of
|
||
contention among the nodes. The nodes have no knowledge of one another and are
|
||
operationally simple; they only know how to load, drop, and serve immutable
|
||
segments.
|
||
|
||
Similar to real-time nodes, historical nodes announce their online state and
|
||
the data they are serving in Zookeeper. Instructions to load and drop segments
|
||
are sent over Zookeeper and contain information about where the segment is
|
||
located in deep storage and how to decompress and process the segment. Before
|
||
a historical node downloads a particular segment from deep storage, it first
|
||
checks a local cache that maintains information about what segments already
|
||
exist on the node. If information about a segment is not present in the cache,
|
||
the historical node will proceed to download the segment from deep storage.
|
||
This process is shown in Figure~\ref{fig:historical_download}. Once processing
|
||
is complete, the segment is announced in Zookeeper. At this point, the segment
|
||
is queryable. The local cache also allows for historical nodes to be quickly
|
||
updated and restarted. On startup, the node examines its cache and immediately
|
||
serves whatever data it finds.
|
||
|
||
\begin{figure}
|
||
\centering
|
||
\includegraphics[width = 2.6in]{historical_download}
|
||
\caption{Historical nodes download immutable segments from deep storage. Segments must be loaded in memory before they can be queried.}
|
||
\label{fig:historical_download}
|
||
\end{figure}
|
||
|
||
Historical nodes can support read consistency because they only deal with
|
||
immutable data. Immutable data blocks also enable a simple parallelization
|
||
model: historical nodes can concurrently scan and aggregate immutable blocks
|
||
without blocking.
|
||
|
||
\subsubsection{Tiers}
|
||
\label{sec:tiers}
|
||
Historical nodes can be grouped in different tiers, where all nodes in a
|
||
given tier are identically configured. Different performance and
|
||
fault-tolerance parameters can be set for each tier. The purpose of
|
||
tiered nodes is to enable higher or lower priority segments to be
|
||
distributed according to their importance. For example, it is possible
|
||
to spin up a “hot” tier of historical nodes that have a high number of
|
||
cores and large memory capacity. The “hot” cluster can be configured to
|
||
download more frequently accessed data. A parallel “cold” cluster
|
||
can also be created with much less powerful backing hardware. The
|
||
“cold” cluster would only contain less frequently accessed segments.
|
||
|
||
\subsubsection{Availability}
|
||
Historical nodes depend on Zookeeper for segment load and unload instructions.
|
||
If Zookeeper becomes unavailable, historical nodes are no longer able to serve
|
||
new data and drop outdated data, however, because the queries are served over
|
||
HTTP, historical nodes are still be able to respond to query requests for
|
||
the data they are currently serving. This means that Zookeeper outages do not
|
||
impact current data availability on historical nodes.
|
||
|
||
\subsection{Broker Nodes}
|
||
Broker nodes act as query routers to historical and real-time nodes. Broker
|
||
nodes understand the metadata published in Zookeeper about what segments are
|
||
queryable and where those segments are located. Broker nodes route incoming queries
|
||
such that the queries hit the right historical or real-time nodes. Broker nodes
|
||
also merge partial results from historical and real-time nodes before returning
|
||
a final consolidated result to the caller.
|
||
|
||
\subsubsection{Caching}
|
||
\label{sec:caching}
|
||
Broker nodes contain a cache with a LRU \cite{o1993lru, kim2001lrfu}
|
||
invalidation strategy. The cache can use local heap memory or an external
|
||
distributed key/value store such as Memcached
|
||
\cite{fitzpatrick2004distributed}. Each time a broker node receives a query, it
|
||
first maps the query to a set of segments. Results for certain segments may
|
||
already exist in the cache and there is no need to recompute them. For any
|
||
results that do not exist in the cache, the broker node will forward the query
|
||
to the correct historical and real-time nodes. Once historical nodes return
|
||
their results, the broker will cache these results on a per segment basis for
|
||
future use. This process is illustrated in Figure~\ref{fig:caching}. Real-time
|
||
data is never cached and hence requests for real-time data will always be
|
||
forwarded to real-time nodes. Real-time data is perpetually changing and
|
||
caching the results would be unreliable.
|
||
|
||
\begin{figure*}
|
||
\centering
|
||
\includegraphics[width = 4.5in]{caching}
|
||
\caption{Broker nodes cache per segment results. Every Druid query is mapped to
|
||
a set of segments. Queries often combine cached segment results with those that
|
||
need to be computed on historical and real-time nodes.}
|
||
\label{fig:caching}
|
||
\end{figure*}
|
||
|
||
The cache also acts as an additional level of data durability. In the event
|
||
that all historical nodes fail, it is still possible to query results if those
|
||
results already exist in the cache.
|
||
|
||
\subsubsection{Availability}
|
||
In the event of a total Zookeeper outage, data is still queryable. If broker
|
||
nodes are unable to communicate to Zookeeper, they use their last known view of
|
||
the cluster and continue to forward queries to real-time and historical nodes.
|
||
Broker nodes make the assumption that the structure of the cluster is the same
|
||
as it was before the outage. In practice, this availability model has allowed
|
||
our Druid cluster to continue serving queries for a significant period of time while we
|
||
diagnosed Zookeeper outages.
|
||
|
||
\subsection{Coordinator Nodes}
|
||
Druid coordinator nodes are primarily in charge of data management and
|
||
distribution on historical nodes. The coordinator nodes tell historical nodes
|
||
to load new data, drop outdated data, replicate data, and move data to load
|
||
balance. Druid uses a multi-version concurrency control swapping protocol for
|
||
managing immutable segments in order to maintain stable views. If any
|
||
immutable segment contains data that is wholly obseleted by newer segments, the
|
||
outdated segment is dropped from the cluster. Coordinator nodes undergo a
|
||
leader-election process that determines a single node that runs the coordinator
|
||
functionality. The remaining coordinator nodes act as redundant backups.
|
||
|
||
A coordinator node runs periodically to determine the current state of the
|
||
cluster. It makes decisions by comparing the expected state of the cluster with
|
||
the actual state of the cluster at the time of the run. As with all Druid
|
||
nodes, coordinator nodes maintain a Zookeeper connection for current cluster
|
||
information. Coordinator nodes also maintain a connection to a MySQL
|
||
database that contains additional operational parameters and configurations.
|
||
One of the key pieces of information located in the MySQL database is a table
|
||
that contains a list of all segments that should be served by historical nodes.
|
||
This table can be updated by any service that creates segments, for example,
|
||
real-time nodes. The MySQL database also contains a rule table that governs how
|
||
segments are created, destroyed, and replicated in the cluster.
|
||
|
||
\subsubsection{Rules}
|
||
Rules govern how historical segments are loaded and dropped from the cluster.
|
||
Rules indicate how segments should be assigned to different historical node
|
||
tiers and how many replicates of a segment should exist in each tier. Rules may
|
||
also indicate when segments should be dropped entirely from the cluster. Rules
|
||
are usually set for a period of time. For example, a user may use rules to
|
||
load the most recent one month's worth of segments into a "hot" cluster, the
|
||
most recent one year's worth of segments into a "cold" cluster, and drop any
|
||
segments that are older.
|
||
|
||
The coordinator nodes load a set of rules from a rule table in the MySQL
|
||
database. Rules may be specific to a certain data source and/or a default set
|
||
of rules may be configured. The coordinator node will cycle through all available
|
||
segments and match each segment with the first rule that applies to it.
|
||
|
||
\subsubsection{Load Balancing}
|
||
In a typical production environment, queries often hit dozens or even hundreds
|
||
of segments. Since each historical node has limited resources, segments must be
|
||
distributed among the cluster to ensure that the cluster load is not too
|
||
imbalanced. Determining optimal load distribution requires some knowledge about
|
||
query patterns and speeds. Typically, queries cover recent segments spanning
|
||
contiguous time intervals for a single data source. On average, queries that
|
||
access smaller segments are faster.
|
||
|
||
These query patterns suggest replicating recent historical segments at a higher
|
||
rate, spreading out large segments that are close in time to different
|
||
historical nodes, and co-locating segments from different data sources. To
|
||
optimally distribute and balance segments among the cluster, we developed a
|
||
cost-based optimization procedure that takes into account the segment data
|
||
source, recency, and size. The exact details of the algorithm are beyond the
|
||
scope of this paper and may be discussed in future literature.
|
||
|
||
\subsubsection{Replication}
|
||
Coordinator nodes may tell different historical nodes to load copies of the
|
||
same segment. The number of replicates in each tier of the historical compute
|
||
cluster is fully configurable. Setups that require high levels of fault
|
||
tolerance can be configured to have a high number of replicas. Replicated
|
||
segments are treated the same as the originals and follow the same load
|
||
distribution algorithm. By replicating segments, single historical node
|
||
failures are transparent in the Druid cluster. We use this property for
|
||
software upgrades. We can seamlessly take a historical node offline, update it,
|
||
bring it back up, and repeat the process for every historical node in a
|
||
cluster. Over the last two years, we have never taken downtime in our Druid
|
||
cluster for software upgrades.
|
||
|
||
\subsubsection{Availability}
|
||
Druid coordinator nodes have two external dependencies: Zookeeper and MySQL.
|
||
Coordinator nodes rely on Zookeeper to determine what historical nodes already
|
||
exist in the cluster. If Zookeeper becomes unavailable, the coordinator will no
|
||
longer be able to send instructions to assign, balance, and drop segments.
|
||
However, these operations do not affect data availability at all.
|
||
|
||
The design principle for responding to MySQL and Zookeeper failures is the
|
||
same: if an external dependency responsible for coordination fails, the cluster
|
||
maintains the status quo. Druid uses MySQL to store operational management
|
||
information and segment metadata information about what segments should exist
|
||
in the cluster. If MySQL goes down, this information becomes unavailable to
|
||
coordinator nodes. However, this does not mean data itself is unavailable. If
|
||
coordinator nodes cannot communicate to MySQL, they will cease to assign new
|
||
segments and drop outdated ones. Broker, historical, and real-time nodes are still
|
||
queryable during MySQL outages.
|
||
|
||
\section{Storage Format}
|
||
\label{sec:storage-format}
|
||
Data tables in Druid (called \emph{data sources}) are collections of
|
||
timestamped events and partitioned into a set of segments, where each segment
|
||
is typically 5--10 million rows. Formally, we define a segment as a collection
|
||
of rows of data that span some period in time. Segments represent the
|
||
fundamental storage unit in Druid and replication and distribution are done at
|
||
a segment level.
|
||
|
||
Druid always requires a timestamp column as a method of simplifying data
|
||
distribution policies, data retention policies, and first-level query pruning.
|
||
Druid partitions its data sources into well-defined time intervals, typically
|
||
an hour or a day, and may further partition on values from other columns to
|
||
achieve the desired segment size. The time granularity
|
||
to partition segments is a function of data volume and time range. A data set
|
||
with timestamps spread over a year is better partitioned by day, and a data set
|
||
with timestamps spread over a day is better partitioned by hour.
|
||
|
||
Segments are uniquely identified by a data source identifer, the time interval
|
||
of the data, and a version string that increases whenever a new segment is
|
||
created. The version string indicates the freshness of segment data; segments
|
||
with later versions have newer views of data (over some time range) than
|
||
segments with older versions. This segment metadata is used by the system for
|
||
concurrency control; read operations always access data in a particular time
|
||
range from the segments with the latest version identifiers for that time
|
||
range.
|
||
|
||
Druid segments are stored in a column orientation. Given that Druid is best
|
||
used for aggregating event streams (all data going into Druid must have a
|
||
timestamp), the advantages storing aggregate information as columns rather than
|
||
rows are well documented \cite{abadi2008column}. Column storage allows for more
|
||
efficient CPU usage as only what is needed is actually loaded and scanned. In a
|
||
row oriented data store, all columns associated with a row must be scanned as
|
||
part of an aggregation. The additional scan time can introduce signficant performance
|
||
degradations \cite{abadi2008column}.
|
||
|
||
Druid has multiple column types to represent various data formats. Depending on
|
||
the column type, different compression methods are used to reduce the cost of
|
||
storing a column in memory and on disk. In the example given in
|
||
Table~\ref{tab:sample_data}, the page, user, gender, and city columns only
|
||
contain strings. Storing strings directly is unnecessarily costly and string
|
||
columns can be dictionary encoded instead. Dictionary encoding is a common
|
||
method to compress data and has been used in other data stores such as
|
||
PowerDrill \cite{hall2012processing}. In the example in
|
||
Table~\ref{tab:sample_data}, we can map each page to an unique integer
|
||
identifier.
|
||
{\small\begin{verbatim}
|
||
Justin Bieber -> 0
|
||
Ke$ha -> 1
|
||
\end{verbatim}}
|
||
This mapping allows us to represent the page column as an integer
|
||
array where the array indices correspond to the rows of the original
|
||
data set. For the page column, we can represent the unique
|
||
pages as follows:
|
||
{\small\begin{verbatim}
|
||
[0, 0, 1, 1]
|
||
\end{verbatim}}
|
||
|
||
The resulting integer array lends itself very well to
|
||
compression methods. Generic compression algorithms on top of encodings are
|
||
extremely common in column-stores. Druid uses the LZF \cite{liblzf2013} compression
|
||
algorithm.
|
||
|
||
Similar compression methods can be applied to numeric
|
||
columns. For example, the characters added and characters removed columns in
|
||
Table~\ref{tab:sample_data} can also be expressed as individual
|
||
arrays.
|
||
{\small\begin{verbatim}
|
||
Characters Added -> [1800, 2912, 1953, 3194]
|
||
Characters Removed -> [25, 42, 17, 170]
|
||
\end{verbatim}}
|
||
In this case, we compress the raw values as opposed to their dictionary
|
||
representations.
|
||
|
||
\subsection{Indices for Filtering Data}
|
||
In many real world OLAP workflows, queries are issued for the aggregated
|
||
results of some set of metrics where some set of dimension specifications are
|
||
met. An example query is: "How many Wikipedia edits were done by users in
|
||
San Francisco who are also male?". This query is filtering the Wikipedia data
|
||
set in Table~\ref{tab:sample_data} based on a Boolean expression of dimension
|
||
values. In many real world data sets, dimension columns contain strings and
|
||
metric columns contain numeric values. Druid creates additional lookup
|
||
indices for string columns such that only those rows that pertain to a
|
||
particular query filter are ever scanned.
|
||
|
||
Let us consider the page column in
|
||
Table~\ref{tab:sample_data}. For each unique page in
|
||
Table~\ref{tab:sample_data}, we can form some representation
|
||
indicating in which table rows a particular page is seen. We can
|
||
store this information in a binary array where the array indices
|
||
represent our rows. If a particular page is seen in a certain
|
||
row, that array index is marked as \texttt{1}. For example:
|
||
{\small\begin{verbatim}
|
||
Justin Bieber -> rows [0, 1] -> [1][1][0][0]
|
||
Ke$ha -> rows [2, 3] -> [0][0][1][1]
|
||
\end{verbatim}}
|
||
|
||
\texttt{Justin Bieber} is seen in rows \texttt{0} and \texttt{1}. This mapping of column values
|
||
to row indices forms an inverted index \cite{tomasic1993performance}. To know which
|
||
rows contain {\ttfamily Justin Bieber} or {\ttfamily Ke\$ha}, we can \texttt{OR} together
|
||
the two arrays.
|
||
{\small\begin{verbatim}
|
||
[0][1][0][1] OR [1][0][1][0] = [1][1][1][1]
|
||
\end{verbatim}}
|
||
|
||
\begin{figure}
|
||
\centering
|
||
\includegraphics[width = 2.8in]{concise_plot}
|
||
\caption{Integer array size versus Concise set size.}
|
||
\label{fig:concise_plot}
|
||
\end{figure}
|
||
|
||
This approach of performing Boolean operations on large bitmap sets is commonly
|
||
used in search engines. Bitmap indices for OLAP workloads is described in
|
||
detail in \cite{o1997improved}. Bitmap compression algorithms are a
|
||
well-defined area of research \cite{antoshenkov1995byte, wu2006optimizing,
|
||
van2011memory} and often utilize run-length encoding. Druid opted to use the
|
||
Concise algorithm \cite{colantonio2010concise} as it can outperform WAH by
|
||
reducing compressed bitmap size by up to 50\%. Figure~\ref{fig:concise_plot}
|
||
illustrates the number of bytes using Concise compression versus using an
|
||
integer array. The results were generated on a \texttt{cc2.8xlarge} system with a single
|
||
thread, 2G heap, 512m young gen, and a forced GC between each run. The data set
|
||
is a single day’s worth of data collected from the Twitter garden hose
|
||
\cite{twitter2013} data stream. The data set contains 2,272,295 rows and 12
|
||
dimensions of varying cardinality. As an additional comparison, we also
|
||
resorted the data set rows to maximize compression.
|
||
|
||
In the unsorted case, the total Concise size was 53,451,144 bytes and the total
|
||
integer array size was 127,248,520 bytes. Overall, Concise compressed sets are
|
||
about 42\% smaller than integer arrays. In the sorted case, the total Concise
|
||
compressed size was 43,832,884 bytes and the total integer array size was
|
||
127,248,520 bytes. What is interesting to note is that after sorting, global
|
||
compression only increased minimally.
|
||
|
||
\subsection{Storage Engine}
|
||
Druid’s persistence components allows for different storage engines to be
|
||
plugged in, similar to Dynamo \cite{decandia2007dynamo}. These storage engines
|
||
may store data in an entirely in-memory structure such as the JVM heap or in
|
||
memory-mapped structures. The ability to swap storage engines allows for Druid
|
||
to be configured depending on a particular application’s specifications. An
|
||
in-memory storage engine may be operationally more expensive than a
|
||
memory-mapped storage engine but could be a better alternative if performance
|
||
is critical. By default, a memory-mapped storage engine is used.
|
||
|
||
When using a memory-mapped storage engine, Druid relies on the operating system
|
||
to page segments in and out of memory. Given that segments can only be scanned
|
||
if they are loaded in memory, a memory-mapped storage engine allows recent
|
||
segments to retain in memory whereas segments that are never queried are paged
|
||
out. The main drawback with using the memory-mapped storage engine is when a
|
||
query requires more segments to be paged into memory than a given node has
|
||
capacity for. In this case, query performance will suffer from the cost of
|
||
paging segments in and out of memory.
|
||
|
||
\section{Query API}
|
||
\label{sec:query-api}
|
||
Druid has its own query language and accepts queries as POST requests. Broker,
|
||
historical, and real-time nodes all share the same query API.
|
||
|
||
The body of the POST request is a JSON object containing key-value pairs
|
||
specifying various query parameters. A typical query will contain the data
|
||
source name, the granularity of the result data, time range of interest, the
|
||
type of request, and the metrics to aggregate over. The result will also be a
|
||
JSON object containing the aggregated metrics over the time period.
|
||
|
||
Most query types will also support a filter set. A filter set is a Boolean
|
||
expression of dimension name and value pairs. Any number and combination of
|
||
dimensions and values may be specified. When a filter set is provided, only
|
||
the subset of the data that pertains to the filter set will be scanned. The
|
||
ability to handle complex nested filter sets is what enables Druid to drill
|
||
into data at any depth.
|
||
|
||
The exact query syntax depends on the query type and the information requested.
|
||
A sample count query over a week of data is as follows:
|
||
{\scriptsize\begin{verbatim}
|
||
{
|
||
"queryType" : "timeseries",
|
||
"dataSource" : "wikipedia",
|
||
"intervals" : "2013-01-01/2013-01-08",
|
||
"filter" : {
|
||
"type" : "selector",
|
||
"dimension" : "page",
|
||
"value" : "Ke$ha"
|
||
},
|
||
"granularity" : "day",
|
||
"aggregations" : [{"type":"count", "name":"rows"}]
|
||
}
|
||
\end{verbatim}}
|
||
The query shown above will return a count of the number of rows in the Wikipedia datasource
|
||
from 2013-01-01 to 2013-01-08, filtered for only those rows where the value of the "page" dimension is
|
||
equal to "Ke\$ha". The results will be bucketed by day and will be a JSON array of the following form:
|
||
{\scriptsize\begin{verbatim}
|
||
[ {
|
||
"timestamp": "2012-01-01T00:00:00.000Z",
|
||
"result": {"rows":393298}
|
||
},
|
||
{
|
||
"timestamp": "2012-01-02T00:00:00.000Z",
|
||
"result": {"rows":382932}
|
||
},
|
||
...
|
||
{
|
||
"timestamp": "2012-01-07T00:00:00.000Z",
|
||
"result": {"rows": 1337}
|
||
} ]
|
||
\end{verbatim}}
|
||
|
||
Druid supports many types of aggregations including double sums, long sums,
|
||
minimums, maximums, and complex aggregations such as cardinality estimation and
|
||
approximate quantile estimation. The results of aggregations can be combined
|
||
in mathematical expressions to form other aggregations. It is beyond the scope
|
||
of this paper to fully describe the query API but more information can be found
|
||
online\footnote{\href{http://druid.io/docs/latest/Querying.html}{http://druid.io/docs/latest/Querying.html}}.
|
||
|
||
As of this writing, a join query for Druid is not yet implemented. This has
|
||
been a function of engineering resource allocation decisions and use case more
|
||
than a decision driven by technical merit. Indeed, Druid's storage format
|
||
would allow for the implementation of joins (there is no loss of fidelity for
|
||
columns included as dimensions) and the implementation of them has been a
|
||
conversation that we have every few months. To date, we have made the choice
|
||
that the implementation cost is not worth the investment for our organization.
|
||
The reasons for this decision are generally two-fold.
|
||
|
||
\begin{enumerate}
|
||
\item Scaling join queries has been, in our professional experience, a constant bottleneck of working with distributed databases.
|
||
\item The incremental gains in functionality are perceived to be of less value than the anticipated problems with managing highly concurrent, join-heavy workloads.
|
||
\end{enumerate}
|
||
|
||
A join query is essentially the merging of two or more streams of data based on
|
||
a shared set of keys. The primary high-level strategies for join queries the
|
||
authors are aware of are a hash-based strategy or a sorted-merge strategy. The
|
||
hash-based strategy requires that all but one data set be available as
|
||
something that looks like a hash table, a lookup operation is then performed on
|
||
this hash table for every row in the "primary" stream. The sorted-merge
|
||
strategy assumes that each stream is sorted by the join key and thus allows for
|
||
the incremental joining of the streams. Each of these strategies, however,
|
||
requires the materialization of some number of the streams either in sorted
|
||
order or in a hash table form.
|
||
|
||
When all sides of the join are significantly large tables (> 1 billion records),
|
||
materializing the pre-join streams requires complex distributed memory
|
||
management. The complexity of the memory management is only amplified by
|
||
the fact that we are targeting highly concurrent, multitenant workloads.
|
||
This is, as far as the authors are aware, an active academic research
|
||
problem that we would be more than willing to engage with the academic
|
||
community to help resolving in a scalable manner.
|
||
|
||
|
||
\section{Performance}
|
||
\label{sec:benchmarks}
|
||
Druid runs in production at several organizations, and to demonstrate its
|
||
performance, we have chosen to share some real world numbers for the main production
|
||
cluster running at Metamarkets in early 2014. For comparison with other databases
|
||
we also include results from synthetic workloads on TPC-H data.
|
||
|
||
\subsection{Query Performance in Production}
|
||
Druid query performance can vary signficantly depending on the query
|
||
being issued. For example, sorting the values of a high cardinality dimension
|
||
based on a given metric is much more expensive than a simple count over a time
|
||
range. To showcase the average query latencies in a production Druid cluster,
|
||
we selected 8 of our most queried data sources, described in
|
||
Table~\ref{tab:datasources}.
|
||
|
||
Approximately 30\% of the queries are standard
|
||
aggregates involving different types of metrics and filters, 60\% of queries
|
||
are ordered group bys over one or more dimensions with aggregates, and 10\% of
|
||
queries are search queries and metadata retrieval queries. The number of
|
||
columns scanned in aggregate queries roughly follows an exponential
|
||
distribution. Queries involving a single column are very frequent, and queries
|
||
involving all columns are very rare.
|
||
|
||
\begin{table}
|
||
\centering
|
||
\label{tab:datasources}
|
||
\begin{tabular}{| l | l | l |}
|
||
\hline
|
||
\textbf{Data Source} & \textbf{Dimensions} & \textbf{Metrics} \\ \hline
|
||
\texttt{a} & 25 & 21 \\ \hline
|
||
\texttt{b} & 30 & 26 \\ \hline
|
||
\texttt{c} & 71 & 35 \\ \hline
|
||
\texttt{d} & 60 & 19 \\ \hline
|
||
\texttt{e} & 29 & 8 \\ \hline
|
||
\texttt{f} & 30 & 16 \\ \hline
|
||
\texttt{g} & 26 & 18 \\ \hline
|
||
\texttt{h} & 78 & 14 \\ \hline
|
||
\end{tabular}
|
||
\caption{Characteristics of production data sources.}
|
||
\end{table}
|
||
|
||
A few notes about our results:
|
||
\begin{itemize}[leftmargin=*,beginpenalty=5000,topsep=0pt]
|
||
\item The results are from a "hot" tier in our production cluster. We run
|
||
several tiers of varying performance in production.
|
||
|
||
\item There is approximately 10.5TB of RAM available in the "hot" tier and
|
||
approximately 10TB of segments loaded (including replication). Collectively,
|
||
there are about 50 billion Druid rows in this tier. Results for
|
||
every data source are not shown.
|
||
|
||
\item The hot tier uses Xeon E5-2670 processors and consists of 1302 processing
|
||
threads and 672 total cores (hyperthreaded).
|
||
|
||
\item A memory-mapped storage engine was used (the machine was configured to
|
||
memory map the data instead of loading it into the Java heap.)
|
||
\end{itemize}
|
||
|
||
Query latencies are shown in Figure~\ref{fig:query_latency} and the queries per
|
||
minute is shown in Figure~\ref{fig:queries_per_min}. Across all the various
|
||
data sources, average query latency is approximately 550 milliseconds, with
|
||
90\% of queries returning in less than 1 second, 95\% in under 2 seconds, and
|
||
99\% of queries taking less than 10 seconds to complete.
|
||
Occasionally we observe spikes in latency, as observed on February 19,
|
||
in which case network issues on the cache nodes were compounded by very high
|
||
query load on one of our largest datasources.
|
||
|
||
\begin{figure}
|
||
\centering
|
||
\includegraphics[width = 2.3in]{avg_query_latency}
|
||
\includegraphics[width = 2.3in]{query_percentiles}
|
||
\caption{Query latencies of production data sources.}
|
||
\label{fig:query_latency}
|
||
\end{figure}
|
||
|
||
\begin{figure}
|
||
\centering
|
||
\includegraphics[width = 2.8in]{queries_per_min}
|
||
\caption{Queries per minute of production data sources.}
|
||
\label{fig:queries_per_min}
|
||
\end{figure}
|
||
|
||
\subsection{Query Benchmarks on TPC-H Data}
|
||
We also present Druid benchmarks on TPC-H data.
|
||
Most TPC-H queries do not directly apply to Druid, so we
|
||
selected queries more typical of Druid's workload to demonstrate query performance. As a
|
||
comparison, we also provide the results of the same queries using MySQL using the
|
||
MyISAM engine (InnoDB was slower in our experiments).
|
||
|
||
We selected MySQL to benchmark
|
||
against because of its universal popularity. We choose not to select another
|
||
open source column store because we were not confident we could correctly tune
|
||
it for optimal performance.
|
||
|
||
Our Druid setup used Amazon EC2
|
||
\texttt{m3.2xlarge} (Intel(R) Xeon(R) CPU E5-2680 v2 @ 2.80GHz) instances for
|
||
historical nodes and \texttt{c3.2xlarge} (Intel(R) Xeon(R) CPU E5-2670 v2 @ 2.50GHz) instances for broker
|
||
nodes. Our MySQL setup was an Amazon RDS instance that ran on the same \texttt{m3.2xlarge} instance type.
|
||
|
||
The results for the 1 GB TPC-H data set are shown
|
||
in Figure~\ref{fig:tpch_1gb} and the results of the 100 GB data set are shown
|
||
in Figure~\ref{fig:tpch_100gb}. We benchmarked Druid's scan rate at
|
||
53,539,211 rows/second/core for \texttt{select count(*)} equivalent query over a given time interval
|
||
and 36,246,530 rows/second/core for a \texttt{select sum(float)} type query.
|
||
|
||
\begin{figure}
|
||
\centering
|
||
\includegraphics[width = 2.3in]{tpch_1gb}
|
||
\caption{Druid \& MySQL benchmarks -- 1GB TPC-H data.}
|
||
\label{fig:tpch_1gb}
|
||
\end{figure}
|
||
|
||
\begin{figure}
|
||
\centering
|
||
\includegraphics[width = 2.3in]{tpch_100gb}
|
||
\caption{Druid \& MySQL benchmarks -- 100GB TPC-H data.}
|
||
\label{fig:tpch_100gb}
|
||
\end{figure}
|
||
|
||
Finally, we present our results of scaling Druid to meet increasing data
|
||
volumes with the TPC-H 100 GB data set. We observe that when we
|
||
increased the number of cores from 8 to 48, not all types of queries
|
||
achieve linear scaling, but the simpler aggregation queries do,
|
||
as shown in Figure~\ref{fig:tpch_scaling}.
|
||
|
||
The increase in speed of a parallel computing system is often limited by the
|
||
time needed for the sequential operations of the system. In this case, queries
|
||
requiring a substantial amount of work at the broker level do not parallelize as
|
||
well.
|
||
|
||
\begin{figure}
|
||
\centering
|
||
\includegraphics[width = 2.3in]{tpch_scaling}
|
||
\caption{Druid scaling benchmarks -- 100GB TPC-H data.}
|
||
\label{fig:tpch_scaling}
|
||
\end{figure}
|
||
|
||
\subsection{Data Ingestion Performance}
|
||
To showcase Druid's data ingestion latency, we selected several production
|
||
datasources of varying dimensions, metrics, and event volumes. Our production
|
||
ingestion setup consists of 6 nodes, totalling 360GB of RAM and 96 cores
|
||
(12 x Intel Xeon E5-2670).
|
||
|
||
Note that in this setup, several other data sources were being ingested and
|
||
many other Druid related ingestion tasks were running concurrently on those machines.
|
||
|
||
Druid's data ingestion latency is heavily dependent on the complexity of the
|
||
data set being ingested. The data complexity is determined by the number of
|
||
dimensions in each event, the number of metrics in each event, and the types of
|
||
aggregations we want to perform on those metrics. With the most basic data set
|
||
(one that only has a timestamp column), our setup can ingest data at a rate of
|
||
800,000 events/second/core, which is really just a measurement of how fast we can
|
||
deserialize events. Real world data sets are never this simple.
|
||
Table~\ref{tab:ingest_datasources} shows a selection of data sources and their
|
||
chracteristics.
|
||
|
||
\begin{table}
|
||
\centering
|
||
\label{tab:ingest_datasources}
|
||
\begin{tabular}{| l | l | l | l |}
|
||
\hline
|
||
\scriptsize\textbf{Data Source} & \scriptsize\textbf{Dimensions} & \scriptsize\textbf{Metrics} & \scriptsize\textbf{Peak events/s} \\ \hline
|
||
\texttt{s} & 7 & 2 & 28334.60 \\ \hline
|
||
\texttt{t} & 10 & 7 & 68808.70 \\ \hline
|
||
\texttt{u} & 5 & 1 & 49933.93 \\ \hline
|
||
\texttt{v} & 30 & 10 & 22240.45 \\ \hline
|
||
\texttt{w} & 35 & 14 & 135763.17 \\ \hline
|
||
\texttt{x} & 28 & 6 & 46525.85 \\ \hline
|
||
\texttt{y} & 33 & 24 & 162462.41 \\ \hline
|
||
\texttt{z} & 33 & 24 & 95747.74 \\ \hline
|
||
\end{tabular}
|
||
\caption{Ingestion characteristics of various data sources.}
|
||
\end{table}
|
||
|
||
We can see that, based on the descriptions in
|
||
Table~\ref{tab:ingest_datasources}, latencies vary significantly and the
|
||
ingestion latency is not always a factor of the number of dimensions and
|
||
metrics. We see some lower latencies on simple data sets because that was the
|
||
rate that the data producer was delivering data. The results are shown in
|
||
Figure~\ref{fig:ingestion_rate}.
|
||
|
||
We define throughput as the number of events a
|
||
real-time node can ingest and also make queryable. If too many events are sent
|
||
to the real-time node, those events are blocked until the real-time node has
|
||
capacity to accept them. The peak ingestion latency we measured in production
|
||
was 22914.43 events/second/core on a datasource with 30 dimensions and 19 metrics,
|
||
running an Amazon \texttt{cc2.8xlarge} instance.
|
||
|
||
\begin{figure}
|
||
\centering
|
||
\includegraphics[width = 2.8in]{ingestion_rate}
|
||
\caption{Combined cluster ingestion rates.}
|
||
\label{fig:ingestion_rate}
|
||
\end{figure}
|
||
|
||
The latency measurements we presented are sufficient to address the our stated
|
||
problems of interactivity. We would prefer the variability in the latencies to
|
||
be less. It is still very possible to possible to decrease latencies by adding
|
||
additional hardware, but we have not chosen to do so because infrastructure
|
||
cost is still a consideration to us.
|
||
|
||
\section{Druid in Production}\label{sec:production}
|
||
Over the last few years, we have gained tremendous knowledge about handling
|
||
production workloads with Druid and have made a couple of interesting observations.
|
||
|
||
\paragraph{Query Patterns}
|
||
Druid is often used to explore data and generate reports on data. In the
|
||
explore use case, the number of queries issued by a single user is much higher
|
||
than in the reporting use case. Exploratory queries often involve progressively
|
||
adding filters for the same time range to narrow down results. Users tend to
|
||
explore short time intervals of recent data. In the generate report use case,
|
||
users query for much longer data intervals, but users also already have the
|
||
queries they want to issue in mind.
|
||
|
||
\paragraph{Multitenancy}
|
||
Expensive concurrent queries can be problematic in a multitenant
|
||
environment. Queries for large datasources may end up hitting every historical
|
||
node in a cluster and consume all cluster resources. Smaller, cheaper queries
|
||
may be blocked from executing in such cases. We introduced query prioritization
|
||
to address these issues. Each historical node is able to prioritize which
|
||
segments it needs to scan. Proper query planning is critical for production
|
||
workloads. Thankfully, queries for a significant amount of data tend to be for
|
||
reporting use cases, and users are not expecting the same level of
|
||
interactivity as when they are querying to explore data.
|
||
|
||
\paragraph{Node failures}
|
||
Single node failures are common in distributed environments, but many nodes
|
||
failing at once are not. If historical nodes completely fail and do not
|
||
recover, their segments need to reassigned, which means we need excess cluster
|
||
capacity to load this data. The amount of additional capacity to have at any
|
||
time contributes to the cost of running a cluster. From our experiences, it is
|
||
extremely rare to see more than 2 nodes completely fail at once and hence, we
|
||
leave enough capacity in our cluster to completely reassign the data from 2
|
||
historical nodes.
|
||
|
||
\paragraph{Data Center Outages}
|
||
Complete cluster failures are possible, but extremely rare. If Druid is
|
||
deployed only in a single data center, it is possible for the entire data
|
||
center to fail. In such cases, new machines need to be provisioned. As long as
|
||
deep storage is still available, cluster recovery time is network bound as
|
||
historical nodes simply need to redownload every segment from deep storage. We
|
||
have experienced such failures in the past, and the recovery time was around
|
||
several hours in the AWS ecosystem on several TBs of data.
|
||
|
||
\subsection{Operational Monitoring}
|
||
Proper monitoring is critical to run a large scale distributed cluster.
|
||
Each Druid node is designed to periodically emit a set of operational metrics.
|
||
These metrics may include system level data such as CPU usage, available
|
||
memory, and disk capacity, JVM statistics such as garbage collection time, and
|
||
heap usage, or node specific metrics such as segment scan time, cache
|
||
hit rates, and data ingestion latencies. Druid also emits per query metrics.
|
||
|
||
We emit metrics from a production Druid cluster and load them into a dedicated
|
||
metrics Druid cluster. The metrics Druid cluster is used to explore the
|
||
performance and stability of the production cluster. This dedicated metrics
|
||
cluster has allowed us to find numerous production problems, such as gradual
|
||
query speed degregations, less than optimally tuned hardware, and various other
|
||
system bottlenecks. We also use a metrics cluster to analyze what queries are
|
||
made in production and what users are most interested in.
|
||
|
||
\subsection{Pairing Druid with a Stream Processor}
|
||
At the time of writing, Druid can only understand fully denormalized data
|
||
streams. In order to provide full business logic in production, Druid can be
|
||
paired with a stream processor such as Apache Storm \cite{marz2013storm}.
|
||
|
||
A Storm topology consumes events from a data stream, retains only those that are
|
||
“on-time”, and applies any relevant business logic. This could range from
|
||
simple transformations, such as id to name lookups, up to complex operations
|
||
such as multi-stream joins. The Storm topology forwards the processed event
|
||
stream to Druid in real-time. Storm handles the streaming data processing work,
|
||
and Druid is used for responding to queries for both real-time and
|
||
historical data.
|
||
|
||
\subsection{Multiple Data Center Distribution}
|
||
Large scale production outages may not only affect single nodes, but entire
|
||
data centers as well. The tier configuration in Druid coordinator nodes allow
|
||
for segments to be replicated across multiple tiers. Hence, segments can be
|
||
exactly replicated across historical nodes in multiple data centers.
|
||
Similarily, query preference can be assigned to different tiers. It is possible
|
||
to have nodes in one data center act as a primary cluster (and recieve all
|
||
queries) and have a redundant cluster in another data center. Such a setup may
|
||
be desired if one data center is situated much closer to users.
|
||
|
||
\section{Related Work}
|
||
\label{sec:related}
|
||
Cattell \cite{cattell2011scalable} maintains a great summary about existing
|
||
Scalable SQL and NoSQL data stores. Hu \cite{hu2011stream} contributed another
|
||
great summary for streaming databases. Druid feature-wise sits somewhere
|
||
between Google’s Dremel \cite{melnik2010dremel} and PowerDrill
|
||
\cite{hall2012processing}. Druid has most of the features implemented in Dremel
|
||
(Dremel handles arbitrary nested data structures while Druid only allows for a
|
||
single level of array-based nesting) and many of the interesting compression
|
||
algorithms mentioned in PowerDrill.
|
||
|
||
Although Druid builds on many of the same principles as other distributed
|
||
columnar data stores \cite{fink2012distributed}, many of these data stores are
|
||
designed to be more generic key-value stores \cite{lakshman2010cassandra} and do not
|
||
support computation directly in the storage layer. There are also other data
|
||
stores designed for some of the same of the data warehousing issues that Druid
|
||
is meant to solve. These systems include include in-memory databases such as
|
||
SAP’s HANA \cite{farber2012sap} and VoltDB \cite{voltdb2010voltdb}. These data
|
||
stores lack Druid's low latency ingestion characteristics. Druid also has
|
||
native analytical features baked in, similar to \cite{paraccel2013}, however,
|
||
Druid allows system wide rolling software updates with no downtime.
|
||
|
||
Druid is similiar to \cite{stonebraker2005c, cipar2012lazybase} in that it has
|
||
two subsystems, a read-optimized subsystem in the historical nodes and a
|
||
write-optimized subsystem in real-time nodes. Real-time nodes are designed to
|
||
ingest a high volume of append heavy data, and do not support data updates.
|
||
Unlike the two aforementioned systems, Druid is meant for OLAP transactions and
|
||
not OLTP transactions.
|
||
|
||
Druid's low latency data ingestion features share some similarities with
|
||
Trident/Storm \cite{marz2013storm} and Streaming Spark
|
||
\cite{zaharia2012discretized}, however, both systems are focused on stream
|
||
processing whereas Druid is focused on ingestion and aggregation. Stream
|
||
processors are great complements to Druid as a means of pre-processing the data
|
||
before the data enters Druid.
|
||
|
||
There are a class of systems that specialize in queries on top of cluster
|
||
computing frameworks. Shark \cite{engle2012shark} is such a system for queries
|
||
on top of Spark, and Cloudera's Impala \cite{cloudera2013} is another system
|
||
focused on optimizing query performance on top of HDFS. Druid historical nodes
|
||
download data locally and only work with native Druid indexes. We believe this
|
||
setup allows for faster query latencies.
|
||
|
||
Druid leverages a unique combination of algorithms in its
|
||
architecture. Although we believe no other data store has the same set
|
||
of functionality as Druid, some of Druid’s optimization techniques such as using
|
||
inverted indices to perform fast filters are also used in other data
|
||
stores \cite{macnicol2004sybase}.
|
||
|
||
\section{Conclusions}
|
||
\label{sec:conclusions}
|
||
In this paper, we presented Druid, a distributed, column-oriented, real-time
|
||
analytical data store. Druid is designed to power high performance applications
|
||
and is optimized for low query latencies. Druid supports streaming data
|
||
ingestion and is fault-tolerant. We discussed how Druid benchmarks and
|
||
summarized key architecture aspects such
|
||
as the storage format, query language, and general execution.
|
||
|
||
\balance
|
||
|
||
\section{Acknowledgements}
|
||
\label{sec:acknowledgements}
|
||
Druid could not have been built without the help of many great engineers at
|
||
Metamarkets and in the community. We want to thank everyone that has
|
||
contributed to the Druid codebase for their invaluable support.
|
||
|
||
% The following two commands are all you need in the
|
||
% initial runs of your .tex file to
|
||
% produce the bibliography for the citations in your paper.
|
||
\bibliographystyle{abbrv}
|
||
\bibliography{druid} % druid.bib is the name of the Bibliography in this case
|
||
% You must have a proper ".bib" file
|
||
% and remember to run:
|
||
% latex bibtex latex latex
|
||
% to resolve all references
|
||
|
||
%Generated by bibtex from your ~.bib file. Run latex,
|
||
%then bibtex, then latex twice (to resolve references).
|
||
|
||
%APPENDIX is optional.
|
||
% ****************** APPENDIX **************************************
|
||
% Example of an appendix; typically would start on a new page
|
||
%pagebreak
|
||
|
||
\end{document}
|