Uploaded byfvanvollenhoven
2,010 views

Divolte Collector - meetup presentation

The document describes Divolte Collector, a tool for parsing and collecting structured event data from HTTP server logs and tags in real-time. It discusses options for accessing log/tag data, including parsing logs in Hadoop, streaming logs, and instrumenting pages with tags. It then outlines Divolte Collector's tag-based approach, how it structures and maps data, and how the tool can be configured to output events to Kafka or HDFS.

Embed presentation

Downloaded 86 times
Divolte Collector Because life’s too short for log file parsing GoDataDriven PROUDLY PART OF THE XEBIA GROUP @asnare / @fzk signal@godatadriven.com Andrew Snare / Friso van Vollenhoven
99% of all data in Hadoop 156.68.7.63 - - [28/Jul/1995:11:53:28 -0400] "GET /images/WORLD-logosmall.gif HTTP/1.0" 200 669 137.244.160.140 - - [28/Jul/1995:11:53:29 -0400] "GET /images/WORLD-logosmall.gif HTTP/1.0" 304 0 163.205.160.5 - - [28/Jul/1995:11:53:31 -0400] "GET /shuttle/countdown/ HTTP/1.0" 200 4324 163.205.160.5 - - [28/Jul/1995:11:53:40 -0400] "GET /shuttle/countdown/count70.gif HTTP/1.0" 200 46573 140.229.50.189 - - [28/Jul/1995:11:53:54 -0400] "GET /shuttle/missions/sts-67/images/images.html HTTP/1.0" 163.206.89.4 - - [28/Jul/1995:11:54:02 -0400] "GET /shuttle/technology/sts-newsref/sts-mps.html HTTP/1.0" 200 163.206.89.4 - - [28/Jul/1995:11:54:05 -0400] "GET /images/KSC-logosmall.gif HTTP/1.0" 200 1204 163.206.89.4 - - [28/Jul/1995:11:54:05 -0400] "GET /images/shuttle-patch-logo.gif HTTP/1.0" 200 891 131.110.53.48 - - [28/Jul/1995:11:54:07 -0400] "GET /shuttle/technology/sts-newsref/stsref-toc.html HTTP/1.0" 163.205.160.5 - - [28/Jul/1995:11:54:14 -0400] "GET /images/KSC-logosmall.gif HTTP/1.0" 200 1204 130.160.196.81 - - [28/Jul/1995:11:54:15 -0400] "GET /shuttle/resources/orbiters/challenger.html HTTP/1.0" 131.110.53.48 - - [28/Jul/1995:11:54:16 -0400] "GET /images/shuttle-patch-small.gif HTTP/1.0" 200 4179 137.244.160.140 - - [28/Jul/1995:11:54:16 -0400] "GET /shuttle/missions/sts-69/mission-sts-69.html HTTP/1.0" 131.110.53.48 - - [28/Jul/1995:11:54:18 -0400] "GET /images/KSC-logosmall.gif HTTP/1.0" 200 1204 131.110.53.48 - - [28/Jul/1995:11:54:19 -0400] "GET /images/launch-logo.gif HTTP/1.0" 200 1713 130.160.196.81 - - [28/Jul/1995:11:54:19 -0400] "GET /shuttle/resources/orbiters/challenger-logo.gif HTTP/1.0" 163.205.160.5 - - [28/Jul/1995:11:54:25 -0400] "GET /shuttle/missions/sts-70/images/images.html HTTP/1.0" 200 130.181.4.158 - - [28/Jul/1995:11:54:26 -0400] "GET /history/rocket-history.txt HTTP/1.0" 200 26990 137.244.160.140 - - [28/Jul/1995:11:54:30 -0400] "GET /images/KSC-logosmall.gif HTTP/1.0" 304 0 137.244.160.140 - - [28/Jul/1995:11:54:31 -0400] "GET /images/launch-logo.gif HTTP/1.0" 304 0 137.244.160.140 - - [28/Jul/1995:11:54:38 -0400] "GET /history/apollo/images/apollo-logo1.gif HTTP/1.0" 304 168.178.17.149 - - [28/Jul/1995:11:54:48 -0400] "GET /shuttle/missions/sts-65/mission-sts-65.html HTTP/1.0" 140.229.50.189 - - [28/Jul/1995:11:54:53 -0400] "GET /shuttle/missions/sts-67/images/KSC-95EC-0390.jpg HTTP/131.110.53.48 - - [28/Jul/1995:11:54:58 -0400] "GET /shuttle/missions/missions.html HTTP/1.0" 200 8677 131.110.53.48 - - [28/Jul/1995:11:55:02 -0400] "GET /images/launchmedium.gif HTTP/1.0" 200 11853 131.110.53.48 - - [28/Jul/1995:11:55:05 -0400] "GET /images/NASA-logosmall.gif HTTP/1.0" 200 786 128.159.111.141 - - [28/Jul/1995:11:55:09 -0400] "GET /procurement/procurement.html HTTP/1.0" 200 3499 128.159.111.141 - - [28/Jul/1995:11:55:10 -0400] "GET /images/op-logo-small.gif HTTP/1.0" 200 14915 128.159.111.141 - - [28/Jul/1995:11:55:11 -0400] "GET /images/NASA-logosmall.gif HTTP/1.0" 200 786 128.159.111.141 - - [28/Jul/1995:11:55:11 -0400] "GET /images/KSC-logosmall.gif HTTP/1.0" 200 1204 192.213.154.220 - - [28/Jul/1995:11:55:15 -0400] "GET /shuttle/countdown/tour.html HTTP/1.0" 200 4347
Typical web optimization architecture USER HTTP request: /org/apache/hadoop/io/IOUtils.html log transport service log event: 2012-07-01T06:00:02.500Z /org/apache/hadoop/io/IOUtils.html transport logs to compute cluster (e.g. recommendations) streaming log off line analytics / model training serve model result batch update model state processing streaming update model state
Parse HTTP server logs access.log
How did it get there? Option 1: parse HTTP server logs • Ship log files on a schedule • Parse using MapReduce jobs • Batch analytics jobs feed online systems
HTTP server log parsing • Inherently batch oriented • Schema-less (URL format is the schema) • Initial job to parse logs into structured format • Usually multiple versions of parsers required • Requires sessionizing • Logs usually have more than you ask for (bots, image requests, spiders, health check, etc.)
Stream HTTP server logs access.log Message Queue or Event Transport (Kafka, Flume, etc.) EVENTS tail -F EVENTS OTHER CONSUMERS
How did it get there? Option 2: stream HTTP server logs • tail -F logfiles • Use a queue for transport (e.g. Flume or Kafka) • Parse logs on the fly • Or write semi-schema’d logs, like JSON • Parse again for batch work load
Stream HTTP server logs • Allows for near real-time event handling when consuming from queues • Sessionizing? Duplicates? Bots? • Still requires parser logic • No schema
Tagging tracking traffic (asynchronous) index. html script. js tracking server access.log web server Message Queue or Event Transport (Kafka, Flume, etc.) EVENTS OTHER CONSUMERS web page traffic structured events structured events
How did it get there? Option 3: tagging • Instrument pages with special ‘tag’, i.e. special JavaScript or image just for logging the request • Create special endpoint that handles the tag request in a structured way • Tag endpoint handles logging the events
Tagging • Not a new idea (Google Analytics, Omniture, etc.) • Less garbage traffic, because a browser is required to evaluate the tag • Event logging is asynchronous • Easier to do inflight processing (apply a schema, add enrichments, etc.) • Allows for custom events (other than page view)
Also… • Manage session through cookies on the client side • Incoming data is already sessionized • Extract additional information from clients • Screen resolution • Viewport size • Timezone
Looks familiar? <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ! ga('create', 'UA-40578233-2', 'godatadriven.com'); ga('send', 'pageview'); ! </script>
Divolte Collector Tag based click stream data collection for Hadoop and Kafka.
Divolte Collector tracking traffic (asynchronous) index. html script. js tracking server access.log web server Message Queue or Event Transport (Kafka, Flume, etc.) EVENTS OTHER CONSUMERS web page traffic structured events structured events
The TAG <script src="//tr.example.com/divolte.js" defer async> </script>
Schema! { "namespace": "com.example.record", "type": "record", "name": "ClickEventRecord", "fields": [ { "name": "productNumber", "type": ["null", "string"], "default": null }, { "name": "shop", "type": ["null", "string"], "default": null }, { "name": "category", "type": ["null", "string"], "default": null }, { "name": "advisor", "type": ["null", "string"], "default": null }, { "name": "searchPhrase", "type": ["null", "string"], "default": null }, { "name": "basketProductNumber", "type": ["null", "string"], "default": null }, { "name": "basketSizeCode", "type": ["null", "string"], "default": null }, { "name": "basketProductCount", "type": ["null", "string"], "default": null } ] }
Mapping // Page type detector: // http://.../basket basket = "^https?://[^/]+/basket(?:[?#].*)?$" ! // Page type detector: // http://.../search?q=fiets search = "^https?://[^/]+/search?.*$" ! // Page type detector: // http://.../checkout checkout = "^https?://[^/]+/checkout(?:[?#].*)?$" ! // Page type detector: // http://.../thankyou payment_ok = "^https://[^/]+/thankyou(?:[?#].*)?$"
Mapping pageType { type = regex_name regexes = [ home, category, shop, basket, search, customercare ] field = location } productNumber { type = regex_group regex = pdp field = location group = product } viewportPixelWidth = viewportPixelWidth viewportPixelHeight = viewportPixelHeight screenPixelWidth = screenPixelWidth screenPixelHeight = screenPixelHeight
Configure divolte { server { host = 0.0.0.0 use_x_forwarded_for = true landing_page = false } ! tracking { cookie_domain = .example.com include "click-schema-mapping.conf" schema_file = /etc/divolte/ClickEventRecord.avsc } ! …
Configure kafka_flusher { enabled = true producer = { metadata.broker.list = [ "broker1:9092", "broker2:9092", "broker3:9092" ] } } ! …
Configure hdfs_flusher { hdfs { replication = 3 } ! simple_rolling_file_strategy { roll_every = 60 minutes sync_file_after_records = 1000 sync_file_after_duration = 10 seconds ! working_dir = /divolte/inflight publish_dir = /divolte/published } } }
Run ./bin/divolte-collector
Demo: Javadoc analytics! javadoc -d outputdir -bottom '<script src="//localhost:8290/divolte.js" defer async></script>' -subpackages .
Kafka event consumer
private static class JavadocEventHandler implements EventHandler<JavadocEventRecord> { private static final String TCP_SERVER_HOST = "127.0.0.1"; private static final int TCP_SERVER_PORT = 1234; ! private Socket socket = null; private OutputStream stream; ! @Override public void setup() throws Exception { socket = new Socket(TCP_SERVER_HOST, TCP_SERVER_PORT); stream = socket.getOutputStream(); } ! @Override public void handle(JavadocEventRecord event) throws Exception { if (!event.getDetectedDuplicate()) { // Avro's toString already produces JSON. stream.write(event.toString().getBytes(StandardCharsets.UTF_8)); stream.write("n".getBytes(StandardCharsets.UTF_8)); } } ! @Override public void shutdown() throws Exception { if (null != stream) stream.close(); if (null != socket) socket.close(); } }
public static void main(String[] args) { final DivolteKafkaConsumer<JavadocEventRecord> consumer = DivolteKafkaConsumer.createConsumer( KAFKA_TOPIC, ZOOKEEPER_QUORUM, KAFKA_CONSUMER_GROUP_ID, NUM_CONSUMER_THREADS, () -> new JavadocEventHandler(), JavadocEventRecord.getClassSchema()); ! Runtime.getRuntime().addShutdownHook(new Thread(() -> { System.out.println("Shutting down consumer."); consumer.shutdownConsumer(); })); ! System.out.println("Starting consumer."); consumer.startConsumer(); }
SQL FTW!
CREATE EXTERNAL TABLE javadoc_analytics ( firstInSession boolean -- other fields are created automatically from schema ) ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.avro.AvroSerDe' STORED AS INPUTFORMAT 'org.apache.hadoop.hive.ql.io.avro.AvroContainerInputFormat' OUTPUTFORMAT 'org.apache.hadoop.hive.ql.io.avro.AvroContainerOutputFormat' LOCATION '/divolte/published' TBLPROPERTIES ( 'avro.schema.url'='hdfs:///JavadocEventRecord.avsc' );
Python & Spark
export IPYTHON=1 export IPYTHON_OPTS="notebook --ip=0.0.0.0" pyspark --jars divolte-spark-assembly-0.1.jar --driver-class-path divolte-spark-assembly-0.1.jar --num-executors 40
Spark & Spark Streaming
import io.divolte.spark.avro._ import org.apache.avro.generic.IndexedRecord import org.apache.spark.SparkContext import org.apache.spark.SparkContext._ ! val sc = new SparkContext() val events = sc.newAvroFile[IndexedRecord](path) ! // And then… val records = events.toRecords // or val eventFields = events.fields("sessionId", "location", "timestamp")
// Kafka configuration. val consumerConfig = Map( "group.id" -> "some-id-for-the-consumer-group", "zookeeper.connect" -> "zookeeper-connect-string", "auto.commit.interval.ms" -> "5000", "auto.offset.reset" -> "largest" ) val topicSettings = Map("divolte" -> Runtime.getRuntime.availableProcessors()) ! val sc = new SparkContext() val ssc = new StreamingContext(sc, Seconds(15)) ! // Establish the source event stream. val stream = ssc.divolteStream[GenericRecord](consumerConfig, topicSettings, StorageLevel.MEMORY_ONLY) ! // And then… val eventStream = stream.toRecords // or val locationStream = stream.fields("location")
Also in the box
Zero config deploy • Easy to use for local development •Works out of the box with zero custom config • Comes with a built in schema and mapping •Works on local machine without Hadoop • Flushes to /tmp on local file system
Collector has no global state • Load balancer friendly • Horizontally scalable • Shared nothing • (other than HDFS and Kafka)
In stream de-duplication • The internet is a mean place; data will have noise • In stream hash based de-duplication • Low false negative rate • Virtually zero false positive rate • Requires URI based routing from load balancer • Easy to setup on nginx • Supported on many hardware load balancers
Corrupt request detection • The internet is still a mean place… Some URLS are truncated • Incomplete events detected and discarded
Defeat Chrome’s pre-rendering • Chrome sometimes speculatively pre-renders pages in the background • This triggers JS even if the page is not shown • Unless you use the Page Visibility API to detect this •Which we do •We take care of many other JS caveats as well
Custom events • Divolte presents itself as a JS library • Map custom event parameters directly onto Avro fields <!-- client side --> <script> divolte.signal("addToBasket", { count: 2, productId: "a3bc38de" }) </script> // server side mapping eventType = eventType ! basketProductId { type = event_parameter name = productId }
Bring your own IDs • Generate page view ID on server side • Possible to relate server side logging to page views and other client side events <script src="//…/divolte.js#a28de3bf42a5dc98c03" defer async> </script>
User agent parsing • On the fly parsing of user agent string • Uses: http://uadetector.sourceforge.net/ • Updates user agent database at runtime without restart
IP to geo coordinates • On the fly enrichment with geo coordinates based on IP address • MaxMind geoIP database • https://www.maxmind.com/en/geoip2-databases • Updates database at runtime without restart • Sets: • Latitude & longitude • Country, City, Subdivision
https://github.com/divolte/divolte-collector https://github.com/divolte/divolte-examples https://github.com/divolte/divolte-kafka-consumer https://github.com/divolte/divolte-spark
GoDataDriven We’re hiring / Questions? / Thank you! @asnare / @fzk signal@godatadriven.com Andrew Snare / Friso van Vollenhoven

More Related Content

PPT
vBACD - Introduction to Opscode Chef - 2/29
byCloudStack - Open Source Cloud Computing Project
 
PDF
Prototyping online ML with Divolte Collector
byfvanvollenhoven
 
PDF
Getting physical with web bluetooth in the browser hackference
byDan Jenkins
 
KEY
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)
byWesley Beary
 
PDF
Advanced iOS Build Mechanics, Sebastien Pouliot
byXamarin
 
PDF
Prototyping in the cloud
byKirsten Hunter
 
PDF
Getting physical with web bluetooth in the browser
byDan Jenkins
 
PDF
Getting physical with web bluetooth in the browser
byDan Jenkins
 
vBACD - Introduction to Opscode Chef - 2/29
byCloudStack - Open Source Cloud Computing Project
 
Prototyping online ML with Divolte Collector
byfvanvollenhoven
 
Getting physical with web bluetooth in the browser hackference
byDan Jenkins
 
fog or: How I Learned to Stop Worrying and Love the Cloud (OpenStack Edition)
byWesley Beary
 
Advanced iOS Build Mechanics, Sebastien Pouliot
byXamarin
 
Prototyping in the cloud
byKirsten Hunter
 
Getting physical with web bluetooth in the browser
byDan Jenkins
 
Getting physical with web bluetooth in the browser
byDan Jenkins
 

What's hot

PPTX
Best Practices in Handling Performance Issues
byOdoo
 
PPTX
Sling tracer and Chrome Plugin to the Rescue
byChetan Mehrotra
 
PDF
Systems Bioinformatics Workshop Keynote
byDeepak Singh
 
PDF
An introduction to cgroups and cgroupspy
byvpetersson
 
PPTX
Eddystone Beacons - Physical Web - Giving a URL to All Objects
byJeff Prestes
 
PDF
Testing http calls with Webmock and VCR
byKerry Buckley
 
PDF
How we use and deploy Varnish at Opera
byCosimo Streppone
 
PDF
Future Decoded - Node.js per sviluppatori .NET
byGianluca Carucci
 
PDF
Cross Domain Web
Mashups with JQuery and Google App Engine
byAndy McKay
 
PDF
VUG5: Varnish at Opera Software
byCosimo Streppone
 
PDF
Google Back To Front: From Gears to App Engine and Beyond
bydion
 
PDF
Velocity 2014 nyc WebPagetest private instances
byPatrick Meenan
 
PPTX
Progressive What Apps?
byPatrick Kettner
 
PDF
Py conkr 20150829_docker-python
byEric Ahn
 
PDF
Bluetooth Beacon Tracking on a Budget
byBlaine Carter
 
KEY
TDD of HTTP Clients With WebMock
byBartosz Blimke
 
PPTX
Beacons, Raspberry Pi & Node.js
byJeff Prestes
 
PDF
Web Audio API + AngularJS
byChris Bateman
 
Best Practices in Handling Performance Issues
byOdoo
 
Sling tracer and Chrome Plugin to the Rescue
byChetan Mehrotra
 
Systems Bioinformatics Workshop Keynote
byDeepak Singh
 
An introduction to cgroups and cgroupspy
byvpetersson
 
Eddystone Beacons - Physical Web - Giving a URL to All Objects
byJeff Prestes
 
Testing http calls with Webmock and VCR
byKerry Buckley
 
How we use and deploy Varnish at Opera
byCosimo Streppone
 
Future Decoded - Node.js per sviluppatori .NET
byGianluca Carucci
 
Cross Domain Web
Mashups with JQuery and Google App Engine
byAndy McKay
 
VUG5: Varnish at Opera Software
byCosimo Streppone
 
Google Back To Front: From Gears to App Engine and Beyond
bydion
 
Velocity 2014 nyc WebPagetest private instances
byPatrick Meenan
 
Progressive What Apps?
byPatrick Kettner
 
Py conkr 20150829_docker-python
byEric Ahn
 
Bluetooth Beacon Tracking on a Budget
byBlaine Carter
 
TDD of HTTP Clients With WebMock
byBartosz Blimke
 
Beacons, Raspberry Pi & Node.js
byJeff Prestes
 
Web Audio API + AngularJS
byChris Bateman
 

Viewers also liked

PDF
Divolte collector overview
byGoDataDriven
 
PDF
Network analysis with Hadoop and Neo4j
byfvanvollenhoven
 
PDF
Snowplow at Sigfig
byyalisassoon
 
PDF
Event Stream Processing with Kafka and Samza
byZach Cox
 
PDF
Sea Amsterdam 2014 November 19
byGoDataDriven
 
PDF
Kafka and Stream Processing, Taking Analytics Real-time, Mike Spicer
byconfluent
 
PDF
Apache Spark Talk for Applied machine learning
byGoDataDriven
 
PDF
Google Analytics vs. Omniture Comparative Guide
byJimmy Jay
 
PDF
Real time data driven applications (and SQL vs NoSQL databases)
byGoDataDriven
 
Divolte collector overview
byGoDataDriven
 
Network analysis with Hadoop and Neo4j
byfvanvollenhoven
 
Snowplow at Sigfig
byyalisassoon
 
Event Stream Processing with Kafka and Samza
byZach Cox
 
Sea Amsterdam 2014 November 19
byGoDataDriven
 
Kafka and Stream Processing, Taking Analytics Real-time, Mike Spicer
byconfluent
 
Apache Spark Talk for Applied machine learning
byGoDataDriven
 
Google Analytics vs. Omniture Comparative Guide
byJimmy Jay
 
Real time data driven applications (and SQL vs NoSQL databases)
byGoDataDriven
 

Similar to Divolte Collector - meetup presentation

PDF
JDD2014: Real Big Data - Scott MacGregor
byPROIDEA
 
PDF
Building a Sustainable Data Platform on AWS
bySmartNews, Inc.
 
PDF
Streaming Visualisation
byGuido Schmutz
 
PPTX
Hadoop project design and a usecase
bysudhakara st
 
PPTX
Realtime Detection of DDOS attacks using Apache Spark and MLLib
byRyan Bosshart
 
PDF
Online machine Learning with Divolte
byGoDataDriven
 
PPTX
dumb
bydanirayan
 
PDF
A Morning with MongoDB Barcelona: Use Cases and Roadmap
byMongoDB
 
DOCX
Log management with_logstash_and_elastic_search
byRishav Rohit
 
PPTX
Leveraging Hadoop in Polyglot Architectures
byThanigai Vellore
 
PPTX
KDD 2016 Streaming Analytics Tutorial
byNeera Agarwal
 
PDF
Getting Started with Hadoop
byJosh Devins
 
PDF
Routing trillion events per day @twitter
bylohitvijayarenu
 
PDF
Event Driven Streaming Analytics - Demostration on Architecture of IoT
byLei Xu
 
PPTX
dumb
bydanirayan
 
PPTX
Big data analytics with hadoop volume 2
byImviplav
 
PDF
Web Services Hadoop Summit 2012
byHortonworks
 
PDF
Activity feeds (and more) at mate1
byHisham Mardam-Bey
 
PDF
Fluentd meetup at Slideshare
bySadayuki Furuhashi
 
PDF
Applications of Big Data & Hadoop
bySeo Gyansha
 
JDD2014: Real Big Data - Scott MacGregor
byPROIDEA
 
Building a Sustainable Data Platform on AWS
bySmartNews, Inc.
 
Streaming Visualisation
byGuido Schmutz
 
Hadoop project design and a usecase
bysudhakara st
 
Realtime Detection of DDOS attacks using Apache Spark and MLLib
byRyan Bosshart
 
Online machine Learning with Divolte
byGoDataDriven
 
dumb
bydanirayan
 
A Morning with MongoDB Barcelona: Use Cases and Roadmap
byMongoDB
 
Log management with_logstash_and_elastic_search
byRishav Rohit
 
Leveraging Hadoop in Polyglot Architectures
byThanigai Vellore
 
KDD 2016 Streaming Analytics Tutorial
byNeera Agarwal
 
Getting Started with Hadoop
byJosh Devins
 
Routing trillion events per day @twitter
bylohitvijayarenu
 
Event Driven Streaming Analytics - Demostration on Architecture of IoT
byLei Xu
 
dumb
bydanirayan
 
Big data analytics with hadoop volume 2
byImviplav
 
Web Services Hadoop Summit 2012
byHortonworks
 
Activity feeds (and more) at mate1
byHisham Mardam-Bey
 
Fluentd meetup at Slideshare
bySadayuki Furuhashi
 
Applications of Big Data & Hadoop
bySeo Gyansha
 

More from fvanvollenhoven

PDF
Hadoop, HDFS and MapReduce
byfvanvollenhoven
 
PDF
GOTO 2011 preso: 3x Hadoop
byfvanvollenhoven
 
PDF
RuG Guest Lecture
byfvanvollenhoven
 
PDF
JFall 2011 no sql workshop
byfvanvollenhoven
 
PDF
Apache Spark talk @ The Amsterdam Applied Machine Learning meetup group
byfvanvollenhoven
 
PDF
NoSQL War Stories preso: Hadoop and Neo4j for networks
byfvanvollenhoven
 
PDF
Xebicon 2015 - Go Data Driven NOW!
byfvanvollenhoven
 
KEY
Berlin Buzzwords preso
byfvanvollenhoven
 
Hadoop, HDFS and MapReduce
byfvanvollenhoven
 
GOTO 2011 preso: 3x Hadoop
byfvanvollenhoven
 
RuG Guest Lecture
byfvanvollenhoven
 
JFall 2011 no sql workshop
byfvanvollenhoven
 
Apache Spark talk @ The Amsterdam Applied Machine Learning meetup group
byfvanvollenhoven
 
NoSQL War Stories preso: Hadoop and Neo4j for networks
byfvanvollenhoven
 
Xebicon 2015 - Go Data Driven NOW!
byfvanvollenhoven
 
Berlin Buzzwords preso
byfvanvollenhoven
 

Recently uploaded

PDF
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
PDF
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
PDF
[DevFest Strasbourg 2025] - NodeJs Can do that !!
bymoassiongbon
 
PDF
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
PDF
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
PDF
PCCC25(設立25年記念PCクラスタシンポジウム):エヌビディア合同会社 テーマ2「NVIDIA BlueField-4 DPU」
byPC Cluster Consortium
 
PDF
Mastering UiPath Maestro – Session 2 – Building a Live Use Case - Session 2
byDianaGray10
 
PDF
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
PDF
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
PDF
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
PDF
Transforming Content Operations in the Age of AI
byEnterprise Knowledge
 
PDF
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
PDF
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
PDF
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
PPTX
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
PDF
The Necessity of Digital Forensics, the Digital Forensics Process & Laborator...
bychrstnpetwinchester
 
PDF
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
PDF
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
PDF
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
PDF
The partnership effect: Libraries and publishers on collaborating and thrivin...
byBookNet Canada
 
Mulesoft Meetup Online Portuguese: MCP e IA
byPedro Baroni
 
Parallel Computing BCS702 Module notes of the vtu college 7th sem 4.pdf
byMatheshVishnu
 
[DevFest Strasbourg 2025] - NodeJs Can do that !!
bymoassiongbon
 
[BDD 2025 - Mobile Development] Mobile Engineer and Software Engineer: Are we...
bywintari3
 
[BDD 2025 - Full-Stack Development] Digital Accessibility: Why Developers nee...
bywintari3
 
PCCC25(設立25年記念PCクラスタシンポジウム):エヌビディア合同会社 テーマ2「NVIDIA BlueField-4 DPU」
byPC Cluster Consortium
 
Mastering UiPath Maestro – Session 2 – Building a Live Use Case - Session 2
byDianaGray10
 
Accessibility & Inclusion: What Comes Next. Presentation of the Digital Acces...
byAssociazione Digital Days
 
Open Source Post-Quantum Cryptography - Matt Caswell
byAll Things Open
 
[BDD 2025 - Full-Stack Development] The Modern Stack: Building Web & AI Appli...
byWintari Yasmin
 
Transforming Content Operations in the Age of AI
byEnterprise Knowledge
 
[BDD 2025 - Artificial Intelligence] Building AI Systems That Users (and Comp...
byWintari Yasmin
 
Top Crypto Supers 15th Report November 2025
byStephen Perrenod
 
[BDD 2025 - Full-Stack Development] PHP in AI Age: The Laravel Way. (Rizqy Hi...
byWintari Yasmin
 
Guardrails in Action - Ensuring Safe AI with Azure AI Content Safety.pptx
byUdaiappa Ramachandran
 
The Necessity of Digital Forensics, the Digital Forensics Process & Laborator...
bychrstnpetwinchester
 
Crane Accident Prevention Guide: Key OSHA Regulations for Safer Operations
bySharpEagle Technology
 
Integrating AI with Meaningful Human Collaboration
byCadabra Studio
 
Cybersecurity Prevention and Detection: Unit 2
byVICTOR MAESTRE RAMIREZ
 
The partnership effect: Libraries and publishers on collaborating and thrivin...
byBookNet Canada
 

Divolte Collector - meetup presentation

  • 1.
    Divolte Collector Becauselife’s too short for log file parsing GoDataDriven PROUDLY PART OF THE XEBIA GROUP @asnare / @fzk signal@godatadriven.com Andrew Snare / Friso van Vollenhoven
  • 2.
    99% of alldata in Hadoop 156.68.7.63 - - [28/Jul/1995:11:53:28 -0400] "GET /images/WORLD-logosmall.gif HTTP/1.0" 200 669 137.244.160.140 - - [28/Jul/1995:11:53:29 -0400] "GET /images/WORLD-logosmall.gif HTTP/1.0" 304 0 163.205.160.5 - - [28/Jul/1995:11:53:31 -0400] "GET /shuttle/countdown/ HTTP/1.0" 200 4324 163.205.160.5 - - [28/Jul/1995:11:53:40 -0400] "GET /shuttle/countdown/count70.gif HTTP/1.0" 200 46573 140.229.50.189 - - [28/Jul/1995:11:53:54 -0400] "GET /shuttle/missions/sts-67/images/images.html HTTP/1.0" 163.206.89.4 - - [28/Jul/1995:11:54:02 -0400] "GET /shuttle/technology/sts-newsref/sts-mps.html HTTP/1.0" 200 163.206.89.4 - - [28/Jul/1995:11:54:05 -0400] "GET /images/KSC-logosmall.gif HTTP/1.0" 200 1204 163.206.89.4 - - [28/Jul/1995:11:54:05 -0400] "GET /images/shuttle-patch-logo.gif HTTP/1.0" 200 891 131.110.53.48 - - [28/Jul/1995:11:54:07 -0400] "GET /shuttle/technology/sts-newsref/stsref-toc.html HTTP/1.0" 163.205.160.5 - - [28/Jul/1995:11:54:14 -0400] "GET /images/KSC-logosmall.gif HTTP/1.0" 200 1204 130.160.196.81 - - [28/Jul/1995:11:54:15 -0400] "GET /shuttle/resources/orbiters/challenger.html HTTP/1.0" 131.110.53.48 - - [28/Jul/1995:11:54:16 -0400] "GET /images/shuttle-patch-small.gif HTTP/1.0" 200 4179 137.244.160.140 - - [28/Jul/1995:11:54:16 -0400] "GET /shuttle/missions/sts-69/mission-sts-69.html HTTP/1.0" 131.110.53.48 - - [28/Jul/1995:11:54:18 -0400] "GET /images/KSC-logosmall.gif HTTP/1.0" 200 1204 131.110.53.48 - - [28/Jul/1995:11:54:19 -0400] "GET /images/launch-logo.gif HTTP/1.0" 200 1713 130.160.196.81 - - [28/Jul/1995:11:54:19 -0400] "GET /shuttle/resources/orbiters/challenger-logo.gif HTTP/1.0" 163.205.160.5 - - [28/Jul/1995:11:54:25 -0400] "GET /shuttle/missions/sts-70/images/images.html HTTP/1.0" 200 130.181.4.158 - - [28/Jul/1995:11:54:26 -0400] "GET /history/rocket-history.txt HTTP/1.0" 200 26990 137.244.160.140 - - [28/Jul/1995:11:54:30 -0400] "GET /images/KSC-logosmall.gif HTTP/1.0" 304 0 137.244.160.140 - - [28/Jul/1995:11:54:31 -0400] "GET /images/launch-logo.gif HTTP/1.0" 304 0 137.244.160.140 - - [28/Jul/1995:11:54:38 -0400] "GET /history/apollo/images/apollo-logo1.gif HTTP/1.0" 304 168.178.17.149 - - [28/Jul/1995:11:54:48 -0400] "GET /shuttle/missions/sts-65/mission-sts-65.html HTTP/1.0" 140.229.50.189 - - [28/Jul/1995:11:54:53 -0400] "GET /shuttle/missions/sts-67/images/KSC-95EC-0390.jpg HTTP/131.110.53.48 - - [28/Jul/1995:11:54:58 -0400] "GET /shuttle/missions/missions.html HTTP/1.0" 200 8677 131.110.53.48 - - [28/Jul/1995:11:55:02 -0400] "GET /images/launchmedium.gif HTTP/1.0" 200 11853 131.110.53.48 - - [28/Jul/1995:11:55:05 -0400] "GET /images/NASA-logosmall.gif HTTP/1.0" 200 786 128.159.111.141 - - [28/Jul/1995:11:55:09 -0400] "GET /procurement/procurement.html HTTP/1.0" 200 3499 128.159.111.141 - - [28/Jul/1995:11:55:10 -0400] "GET /images/op-logo-small.gif HTTP/1.0" 200 14915 128.159.111.141 - - [28/Jul/1995:11:55:11 -0400] "GET /images/NASA-logosmall.gif HTTP/1.0" 200 786 128.159.111.141 - - [28/Jul/1995:11:55:11 -0400] "GET /images/KSC-logosmall.gif HTTP/1.0" 200 1204 192.213.154.220 - - [28/Jul/1995:11:55:15 -0400] "GET /shuttle/countdown/tour.html HTTP/1.0" 200 4347
  • 4.
    Typical web optimizationarchitecture USER HTTP request: /org/apache/hadoop/io/IOUtils.html log transport service log event: 2012-07-01T06:00:02.500Z /org/apache/hadoop/io/IOUtils.html transport logs to compute cluster (e.g. recommendations) streaming log off line analytics / model training serve model result batch update model state processing streaming update model state
  • 5.
    Parse HTTP serverlogs access.log
  • 6.
    How did itget there? Option 1: parse HTTP server logs • Ship log files on a schedule • Parse using MapReduce jobs • Batch analytics jobs feed online systems
  • 7.
    HTTP server logparsing • Inherently batch oriented • Schema-less (URL format is the schema) • Initial job to parse logs into structured format • Usually multiple versions of parsers required • Requires sessionizing • Logs usually have more than you ask for (bots, image requests, spiders, health check, etc.)
  • 8.
    Stream HTTP serverlogs access.log Message Queue or Event Transport (Kafka, Flume, etc.) EVENTS tail -F EVENTS OTHER CONSUMERS
  • 9.
    How did itget there? Option 2: stream HTTP server logs • tail -F logfiles • Use a queue for transport (e.g. Flume or Kafka) • Parse logs on the fly • Or write semi-schema’d logs, like JSON • Parse again for batch work load
  • 10.
    Stream HTTP serverlogs • Allows for near real-time event handling when consuming from queues • Sessionizing? Duplicates? Bots? • Still requires parser logic • No schema
  • 11.
    Tagging tracking traffic (asynchronous) index. html script. js tracking server access.log web server Message Queue or Event Transport (Kafka, Flume, etc.) EVENTS OTHER CONSUMERS web page traffic structured events structured events
  • 12.
    How did itget there? Option 3: tagging • Instrument pages with special ‘tag’, i.e. special JavaScript or image just for logging the request • Create special endpoint that handles the tag request in a structured way • Tag endpoint handles logging the events
  • 13.
    Tagging • Nota new idea (Google Analytics, Omniture, etc.) • Less garbage traffic, because a browser is required to evaluate the tag • Event logging is asynchronous • Easier to do inflight processing (apply a schema, add enrichments, etc.) • Allows for custom events (other than page view)
  • 14.
    Also… • Managesession through cookies on the client side • Incoming data is already sessionized • Extract additional information from clients • Screen resolution • Viewport size • Timezone
  • 15.
    Looks familiar? <script> (function(i,s,o,g,r,a,m){i['GoogleAnalyticsObject']=r;i[r]=i[r]||function(){ (i[r].q=i[r].q||[]).push(arguments)},i[r].l=1*new Date();a=s.createElement(o), m=s.getElementsByTagName(o)[0];a.async=1;a.src=g;m.parentNode.insertBefore(a,m) })(window,document,'script','//www.google-analytics.com/analytics.js','ga'); ! ga('create', 'UA-40578233-2', 'godatadriven.com'); ga('send', 'pageview'); ! </script>
  • 16.
    Divolte Collector Tagbased click stream data collection for Hadoop and Kafka.
  • 17.
    Divolte Collector trackingtraffic (asynchronous) index. html script. js tracking server access.log web server Message Queue or Event Transport (Kafka, Flume, etc.) EVENTS OTHER CONSUMERS web page traffic structured events structured events
  • 18.
    The TAG <scriptsrc="//tr.example.com/divolte.js" defer async> </script>
  • 19.
    Schema! { "namespace":"com.example.record", "type": "record", "name": "ClickEventRecord", "fields": [ { "name": "productNumber", "type": ["null", "string"], "default": null }, { "name": "shop", "type": ["null", "string"], "default": null }, { "name": "category", "type": ["null", "string"], "default": null }, { "name": "advisor", "type": ["null", "string"], "default": null }, { "name": "searchPhrase", "type": ["null", "string"], "default": null }, { "name": "basketProductNumber", "type": ["null", "string"], "default": null }, { "name": "basketSizeCode", "type": ["null", "string"], "default": null }, { "name": "basketProductCount", "type": ["null", "string"], "default": null } ] }
  • 20.
    Mapping // Pagetype detector: // http://.../basket basket = "^https?://[^/]+/basket(?:[?#].*)?$" ! // Page type detector: // http://.../search?q=fiets search = "^https?://[^/]+/search?.*$" ! // Page type detector: // http://.../checkout checkout = "^https?://[^/]+/checkout(?:[?#].*)?$" ! // Page type detector: // http://.../thankyou payment_ok = "^https://[^/]+/thankyou(?:[?#].*)?$"
  • 21.
    Mapping pageType { type = regex_name regexes = [ home, category, shop, basket, search, customercare ] field = location } productNumber { type = regex_group regex = pdp field = location group = product } viewportPixelWidth = viewportPixelWidth viewportPixelHeight = viewportPixelHeight screenPixelWidth = screenPixelWidth screenPixelHeight = screenPixelHeight
  • 22.
    Configure divolte { server { host = 0.0.0.0 use_x_forwarded_for = true landing_page = false } ! tracking { cookie_domain = .example.com include "click-schema-mapping.conf" schema_file = /etc/divolte/ClickEventRecord.avsc } ! …
  • 23.
    Configure kafka_flusher { enabled = true producer = { metadata.broker.list = [ "broker1:9092", "broker2:9092", "broker3:9092" ] } } ! …
  • 24.
    Configure hdfs_flusher { hdfs { replication = 3 } ! simple_rolling_file_strategy { roll_every = 60 minutes sync_file_after_records = 1000 sync_file_after_duration = 10 seconds ! working_dir = /divolte/inflight publish_dir = /divolte/published } } }
  • 25.
  • 26.
    Demo: Javadoc analytics! javadoc -d outputdir -bottom '<script src="//localhost:8290/divolte.js" defer async></script>' -subpackages .
  • 27.
  • 28.
    private static classJavadocEventHandler implements EventHandler<JavadocEventRecord> { private static final String TCP_SERVER_HOST = "127.0.0.1"; private static final int TCP_SERVER_PORT = 1234; ! private Socket socket = null; private OutputStream stream; ! @Override public void setup() throws Exception { socket = new Socket(TCP_SERVER_HOST, TCP_SERVER_PORT); stream = socket.getOutputStream(); } ! @Override public void handle(JavadocEventRecord event) throws Exception { if (!event.getDetectedDuplicate()) { // Avro's toString already produces JSON. stream.write(event.toString().getBytes(StandardCharsets.UTF_8)); stream.write("n".getBytes(StandardCharsets.UTF_8)); } } ! @Override public void shutdown() throws Exception { if (null != stream) stream.close(); if (null != socket) socket.close(); } }
  • 29.
    public static voidmain(String[] args) { final DivolteKafkaConsumer<JavadocEventRecord> consumer = DivolteKafkaConsumer.createConsumer( KAFKA_TOPIC, ZOOKEEPER_QUORUM, KAFKA_CONSUMER_GROUP_ID, NUM_CONSUMER_THREADS, () -> new JavadocEventHandler(), JavadocEventRecord.getClassSchema()); ! Runtime.getRuntime().addShutdownHook(new Thread(() -> { System.out.println("Shutting down consumer."); consumer.shutdownConsumer(); })); ! System.out.println("Starting consumer."); consumer.startConsumer(); }
  • 30.
  • 31.
    CREATE EXTERNAL TABLEjavadoc_analytics ( firstInSession boolean -- other fields are created automatically from schema ) ROW FORMAT SERDE 'org.apache.hadoop.hive.serde2.avro.AvroSerDe' STORED AS INPUTFORMAT 'org.apache.hadoop.hive.ql.io.avro.AvroContainerInputFormat' OUTPUTFORMAT 'org.apache.hadoop.hive.ql.io.avro.AvroContainerOutputFormat' LOCATION '/divolte/published' TBLPROPERTIES ( 'avro.schema.url'='hdfs:///JavadocEventRecord.avsc' );
  • 32.
  • 33.
    export IPYTHON=1 exportIPYTHON_OPTS="notebook --ip=0.0.0.0" pyspark --jars divolte-spark-assembly-0.1.jar --driver-class-path divolte-spark-assembly-0.1.jar --num-executors 40
  • 35.
    Spark & SparkStreaming
  • 36.
    import io.divolte.spark.avro._ importorg.apache.avro.generic.IndexedRecord import org.apache.spark.SparkContext import org.apache.spark.SparkContext._ ! val sc = new SparkContext() val events = sc.newAvroFile[IndexedRecord](path) ! // And then… val records = events.toRecords // or val eventFields = events.fields("sessionId", "location", "timestamp")
  • 37.
    // Kafka configuration. val consumerConfig = Map( "group.id" -> "some-id-for-the-consumer-group", "zookeeper.connect" -> "zookeeper-connect-string", "auto.commit.interval.ms" -> "5000", "auto.offset.reset" -> "largest" ) val topicSettings = Map("divolte" -> Runtime.getRuntime.availableProcessors()) ! val sc = new SparkContext() val ssc = new StreamingContext(sc, Seconds(15)) ! // Establish the source event stream. val stream = ssc.divolteStream[GenericRecord](consumerConfig, topicSettings, StorageLevel.MEMORY_ONLY) ! // And then… val eventStream = stream.toRecords // or val locationStream = stream.fields("location")
  • 38.
  • 39.
    Zero config deploy • Easy to use for local development •Works out of the box with zero custom config • Comes with a built in schema and mapping •Works on local machine without Hadoop • Flushes to /tmp on local file system
  • 40.
    Collector has noglobal state • Load balancer friendly • Horizontally scalable • Shared nothing • (other than HDFS and Kafka)
  • 41.
    In stream de-duplication • The internet is a mean place; data will have noise • In stream hash based de-duplication • Low false negative rate • Virtually zero false positive rate • Requires URI based routing from load balancer • Easy to setup on nginx • Supported on many hardware load balancers
  • 42.
    Corrupt request detection • The internet is still a mean place… Some URLS are truncated • Incomplete events detected and discarded
  • 43.
    Defeat Chrome’s pre-rendering • Chrome sometimes speculatively pre-renders pages in the background • This triggers JS even if the page is not shown • Unless you use the Page Visibility API to detect this •Which we do •We take care of many other JS caveats as well
  • 44.
    Custom events •Divolte presents itself as a JS library • Map custom event parameters directly onto Avro fields <!-- client side --> <script> divolte.signal("addToBasket", { count: 2, productId: "a3bc38de" }) </script> // server side mapping eventType = eventType ! basketProductId { type = event_parameter name = productId }
  • 45.
    Bring your ownIDs • Generate page view ID on server side • Possible to relate server side logging to page views and other client side events <script src="//…/divolte.js#a28de3bf42a5dc98c03" defer async> </script>
  • 46.
    User agent parsing • On the fly parsing of user agent string • Uses: http://uadetector.sourceforge.net/ • Updates user agent database at runtime without restart
  • 47.
    IP to geocoordinates • On the fly enrichment with geo coordinates based on IP address • MaxMind geoIP database • https://www.maxmind.com/en/geoip2-databases • Updates database at runtime without restart • Sets: • Latitude & longitude • Country, City, Subdivision
  • 48.
  • 49.
    GoDataDriven We’re hiring/ Questions? / Thank you! @asnare / @fzk signal@godatadriven.com Andrew Snare / Friso van Vollenhoven