fluent-plugin-norikra #fluentdcasual

fluent-plugin-norikra

Fluentd Casual Talks #32013/12/13(Fri)@tagomoris

13年12月13日金曜日

TAGOMORI Satoshi (@tagomoris)LINE Corp.

Hadoop, Fluentd, Norikra, ...



Norikra:Schema-less Stream Processing with SQL


Norikra(1):Schema-less event stream:

Add/Remove data fields whenever you want

SQL:No more restarts to add/remove queriesw/ JOINs, w/ SubQueriesw/ UDF

Truly Complex events:Nested Hash/Array, accessible directly from SQL


Norikra(2):Open source software:

Licensed under GPLv2Based on EsperUDF plugins from rubygems.org

Ultra-fast bootstrap & small start:3mins to install/start1 server


Norikra Queries: (1)

SELECT name, ageFROM events




{“name”:”tagomoris”, “age”:34, “address”:”Tokyo”, “corp”:”LINE”, “current”:”Shibuya”}

{“name”:”tagomoris”,”age”:34}




{“name”:”tagomoris”, “address”:”Tokyo”, “corp”:”LINE”, “current”:”Shibuya”}

nothing




WHERE current=”Shibuya”


{“name”:”tagomoris”,”age”:34}


Norikra Queries: (2){“name”:”kiyoto”, “age”:99, “address”:”CA”, “corp”:”TD”, “current”:”MV”}


WHERE current=”Shibuya”

nothing



SELECT age, COUNT(*) as cntFROM events.win:time_batch(5 mins)

GROUP BY age




GROUP BY age


{”age”:34,”cnt”:3}, {“age”:33,”cnt”:1}, ...

every 5 mins



SELECT age, COUNT(*) as cntFROM

events.win:time_batch(5 mins)GROUP BY age


{”age”:34,”cnt”:3}, {“age”:33,”cnt”:1}, ...every 5 mins

SELECT max(age) as maxFROM

events.win:time_batch(5 mins)

{“max”:51}




GROUP BY age

{“name”:”tagomoris”, “user:{“age”:34, “corp”:”LINE”, “address”:”Tokyo”}, “current”:”Shibuya”, “speaker”:true, “attend”:[true,true,false, ...]}



SELECT user.age, COUNT(*) as cntFROM events.win:time_batch(5 mins)

GROUP BY user.age




SELECT user.age, COUNT(*) as cntFROM events.win:time_batch(5 mins)

WHERE current=”Kyoto” AND attend.$0 AND attend.$1GROUP BY user.age



Before: Fluentd

<match for.target.service.application.logs> type numeric_monitor unit minute tag service.response output_key_prefix request_api aggregate all monitor_key api_response_time percentiles 50,90,95,98,99</match>

EACH SERVICES

... AND RESTART OF FLUENTD!!!!!!!!!!!!!!


After: Norikra

SELECT percentiles(api_response_time, [50,90,95,98,99]) AS pFROM target_service.win:time_batch(1 min)

EACH SERVICES!

WITHOUT ANY RESTARTS!


<match for.target.service.access.logs.**> type forest subtype datacounter remove_prefix httpstatus.count unit minute output_per_tag yes aggregate tag output_messages yes count_key status pattern1 success ^2\d\d tag_prefix datacount.httpstatus</match>

Before: Fluentd

... AND RESTART OF FLUENTD!!!!!!!!!!!!!!


After: Norikra

SELECT service, count(IF(status / 200 = 2, 1, NULL)) AS successFROM all_logs.win:time_batch(1 min)GROUP BY service

WITHOUT ANY RESTARTS!





in_norikraout_norikraout_norikra_filter


out_norikra

Fluentd Norikraout_norikra


in_norikra

FluentdNorikra in_norikra


out_norikra_filter

Fluentd

Norikra

out_norikra_filter


in/out_norikra and out_norikra_filter

out_norikra_filterFor Casual Use Cases / Fluentd CentricAutomated features

Server autostartQuery registration/fetches

in/out_norikraFor Norikra Users[NOT IMPLEMENTED: Distributed Norikra Support ]


Please Try andEnjoy Norikra!


Technology

fluent-plugin-norikra #fluentdcasual