Stream processing and Norikra

@tagomoris
Norikra meetup 2014/07/09
Stream processing
and Norikra
14年7月9日水曜日

TAGOMORI Satoshi (@tagomoris)
LINE Corporation
Analytics Platform Team

THE ONE THING
WHAT YOU MUST LEAN
TODAY IS

Norikra

Norikra
IS NOT
Norika

STREAM PROCESSING

Processing models
Batch processing:
RDBMS, Hadoop(Hive), BigQuery/RedShift
Stream processing:
Storm, Spark streaming, Norikra

Batch processing
RDBMS, Hadoop/Hive, ....
(transaction is out of this topic)
Target window: hours - weeks (or more)
Total throuput: HIGHEST
Query Latency: LARGEST (20sec - mins - hours)

Stream processing
Storm, Esper, Norikra, Fluentd, ....
Kafka(?), Spark streaming(?)
Target window: seconds - hours
Total throughput: Normal
Query latency: SMALLEST (milliseconds)
Queries must be written BEFORE DATA
Once registered, runs forever

Data ﬂow and latency
data window
query execution
Batch Stream
incremental
query exection

Query for stored data
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
table
At ﬁrst, all data
MUST be stored.

v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
SELECT v1,v2,COUNT(*)
FROM table
WHERE v3=’x’ GROUP BY v1,v2
table

v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
FROM table
table
SELECT v4,COUNT(*)
FROM table
WHERE v1 AND v2 GROUP BY v4

v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
FROM table
table
SELECT v4,COUNT(*)
FROM table
“All data” means
“data that not be used”.

Query for stream data
v1,v2,v3,v4,v5,v6
FROM table.win:xxx
stream
SELECT v4,COUNT(*)
FROM table.win:xxx
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6

v1,v2,v3,v4,v5,v6
FROM table.win:xxx
stream
SELECT v4,COUNT(*)
FROM table.win:xxx
v1,v2,v3
v1,v2,v4
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6

v1,v2,v3,v4,v5,v6
FROM table.win:xxx
stream
SELECT v4,COUNT(*)
FROM table.win:xxx
v1,v2,v3
v1,v2,v4v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6

v1,v2,v3,v4,v5,v6
FROM table.win:xxx
stream
SELECT v4,COUNT(*)
FROM table.win:xxx
v1,v2,v3
v1,v2,v4
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
All data will be discarded
just after inserted.
(Bye-bye storage system maintenance!)

Incremental calculation
v1,v2,v3,v4,v5,v6
FROM table.win:xxx
stream
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
internal data (memory)
v1 v2 COUNT
TRUE TRUE 0
TRUE FALSE 1
FALSE TRUE 33
FALSE FALSE 2

v1,v2,v3,v4,v5,v6
FROM table.win:xxx
stream
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1 v2 COUNT
TRUE TRUE 1
TRUE FALSE 1
FALSE TRUE 33
FALSE FALSE 2

v1,v2,v3,v4,v5,v6
FROM table.win:xxx
stream
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1 v2 COUNT
TRUE TRUE 1
TRUE FALSE 1
FALSE TRUE 34
FALSE FALSE 2

FROM table.win:xxx
stream
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1,v2,v3,v4,v5,v6
v1 v2 COUNT
TRUE TRUE 1
TRUE FALSE 2
FALSE TRUE 37
FALSE FALSE 3
memory can store
internal data

Data window
Target time (or size) range of queries
Batch (or short-batch)
FROM-TO: WHERE dt >= ‘2014-07-07 00:00:00‘
AND dt <= ‘2014-07-08 23:59:59’
Stream
“Calculate this query for every 3 minutes”
Extended SQL required SELECT v1,v2,COUNT(*)
FROM table.win:xxx

Stream processing with SQL
Esper: Java library to process Stream
With schema

Esper EPL
SELECT param1, param2
FROM tbl
WHERE age > 30

SELECT param, COUNT(*) AS c
FROM tbl
WHERE age > 30
GROUP BY param
Esper EPL

SELECT param, COUNT(*) AS c
FROM tbl.win:time_batch(1 hour)
WHERE age > 30
GROUP BY param
Esper EPL

Norikra:
Schema-less Stream Processing with SQL
Server software, runs on JVM
Open source software (GPLv2)
http://norikra.github.io/
https://github.com/norikra/norikra

Norikra:
Schema-less event stream:
Add/Remove data ﬁelds whenever you want
SQL:
No more restarts to add/remove queries
w/ JOINs, w/ SubQueries
w/ UDF (in Java/Ruby from rubygem)
Truly Complex events:
Nested Hash/Array, accessible directly from SQL
HTTP RPC w/ JSON or MessagePack (ﬂuentd plugin available!)

How to setup Norikra:
Install JRuby
download jruby.tar.gz, extract it and export $PATH
‘rbenv install jruby-1.7.xx’ & ‘rbenv shell jruby-..’
Install Norikra
‘gem install norikra’
Execute Norikra server
‘norikra start’

Norikra Interface:
Command line: norikra-client
norikra-client target open ...
norikra-client query add ...
tail -f ... | norikra-client event send ...
WebUI
show status
show/add/remove queries
HTTP API
JSON, MessagePack

Norikra Queries: (1)
SELECT name, age
FROM events
target

SELECT name, age
FROM events
{“name”:”tagomoris”,
“age”:34, “address”:”Tokyo”,
“corp”:”LINE”, “current”:”Tsukuba”}
{“name”:”tagomoris”,”age”:34}

SELECT name, age
FROM events
nothing
“address”:”Tokyo”,

SELECT name, age
FROM events
WHERE current=”Tsukuba”
{“name”:”tagomoris”,”age”:34}

SELECT name, age
FROM events
nothing
{“name”:”kawashima”,
“age”:99, “address”:”Tsukuba”,
“corp”:”Univ”, “current”:”Dream”}

SELECT age, COUNT(*) as cnt
FROM events.win:time_batch(5 mins)
GROUP BY age

GROUP BY age
{”age”:34,”cnt”:3}, {“age”:33,”cnt”:1}, ...
every 5 mins

FROM
events.win:time_batch(5 mins)
GROUP BY age
{”age”:34,”cnt”:3}, {“age”:33,”cnt”:1}, ...
SELECT max(age) as max
FROM
events.win:time_batch(5 mins)
{“max”:51}
every 5 mins

GROUP BY age
“user:{“age”:34, “corp”:”LINE”,
“address”:”Tokyo”},
“current”:”Tsukuba”,
“speaker”:true,
“attend”:[true,true,false, ...]
}

SELECT user.age, COUNT(*) as cnt
GROUP BY user.age
“current”:”Tsukuba”,
“speaker”:true,
}

SELECT user.age, COUNT(*) as cnt
AND attend.$0 AND attend.$1
GROUP BY user.age
“current”:”Kyoto”,
“speaker”:true,
}

Use cases in real world
Enjoy following sessions!

More queries, more simplicity
and less latency.
Thanks!

See also:
http://norikra.github.io/
“Batch processing and Stream processing by SQL”
http://www.slideshare.net/tagomoris/hcj2014-sql
“Log analysis systems and its designs in LINE Corp 2014 Early”
http://www.slideshare.net/tagomoris/log-analysis-system-and-its-designs-in-
line-corp-2014-early
“Norikra in Action”
http://www.slideshare.net/tagomoris/norikra-in-action-ver-2014-spring

Stream processing and Norikra

More Related Content

What's hot (20)

Similar to Stream processing and Norikra (20)

More from SATOSHI TAGOMORI (20)

Stream processing and Norikra