tags:

views:

424

answers:

6
+3  Q: 

Implementing large scale log file analytics

Can anyone point me to a reference or provide a high level overview of how companies like Facebook, Yahoo, Google, etc al perform the large scale (e.g. multi-TB range) log analysis that they do for operations and especially web analytics?

Focusing on web analytics in particular, I'm interested in two closely-related aspects: query performance and data storage.

I know that the general approach is to use map reduce to distribute each query over a cluster (e.g. using Hadoop). However, what's the most efficient storage format to use? This is log data, so we can assume each event has a time stamp, and that in general the data is structured and not sparse. Most web analytics queries involve analyzing slices of data between two arbitrary timestamps and retrieving aggregate statistics or anomalies in that data.

Would a column-oriented DB like Big Table (or HBase) be an efficient way to store, and more importantly, query such data? Does the fact that you're selecting a subset of rows (based on timestamp) work against the basic premise of this type of storage? Would it be better to store it as unstructured data, eg. a reverse index?

+2  A: 

Have a look at the paper Interpreting the Data: Parallel Analysis with Sawzall by Google. This is a paper on the tool Google uses for log analysis.

marcog  2009-04-27 19:42:34
+3  A: 

Unfortunately there is no one size fits all answer.

I am currently using Cascading, Hadoop, S3, and Aster Data to process 100's Gigs a day through a staged pipeline inside of AWS.

Aster Data is used for the queries and reporting since it provides a SQL interface to the massive data sets cleaned and parsed by Cascading processes on Hadoop. Using the Cascading JDBC interfaces, loading Aster Data is quite a trivial process.

Keep in mind tools like HBase and Hypertable are Key/Value stores, so don't do ad-hoc queries and joins without the help of a MapReduce/Cascading app to perform the joins out of band, which is a very useful pattern.

in full disclosure, I am a developer on the Cascading project.

http://www.asterdata.com/

http://www.cascading.org/

cwensel  2009-04-28 17:09:57
+5  A: 

The book Hadoop: The definitive Guide by O'Reilly has a chapter which discusses how hadoop is used at two real-world companies.

http://my.safaribooksonline.com/9780596521974/ch14

caskey  2009-06-18 20:22:44
+1  A: 

There is a good case study here http://www.rightscale.com/bi about how CrowdStar is doing large scale log analytics.

 2009-09-17 15:00:47
A: 

Datameer (www.datameer.com) offers a solution for simplifying log file aggregation.

Teresa Wingfield  2010-07-13 17:46:10
A: 

To learn more about Facebook's analytics infrastructure, you can watch this video from the 2010 Hadoop Summit.

Jeff Hammerbacher  2010-10-04 11:57:20

related questions

How to make Linux GUI "usable" when lots of disk activity is happening
Lightweight Store Mechanisms
software that store data in flat file, what are common encoding/file format techniques
Game Terrain Database Model
Does Microsoft SkyDrive have an API?
What is the best way to store and search through object transactions?
Storing large numbers of varying size objects on disk
What's the best storage for SQL Server 2000?
why shrink a sqlserver 2005 database?
Best Application for storing code snippets
Halt storage access?
Where to store uploaded files (sound, pictures and video)
What is data area?
Distributed file source
How do I protect my file data from disk corruption?
High Availability Storage
Long term source code archiving: Is it possible?
C#: Create a virtual drive in Computer
keep rsync from removing unfinished source files
Generate disk usage graphs/charts with CLI only tools in Linux
What is the best way to partition terabyte drive in a linux development machine?
What's the best database storage device?
Storing a file in a database as opposed to the file system?
Closet server versus Colo?
Storing Images in DB - Yea or Nay?