Mailing-List: contact user-help@hive.apache.org; run by ezmlm
Precedence: bulk
Reply-To: user@hive.apache.org
Received-SPF: pass (athena.apache.org: domain of xiaobinshe@gmail.com
 designates 74.125.82.176 as permitted sender)
MIME-Version: 1.0
In-Reply-To: <1CFF9FDB-7596-4FA1-9BDE-EE0C8CB4C845@gmail.com>
References: 
 <CAFHQjKw4OiNtWay53rtuxn8JQHbc0uuhkvBS+joRUuk-0TdYuw@mail.gmail.com>
	<1CFF9FDB-7596-4FA1-9BDE-EE0C8CB4C845@gmail.com>
Date: Tue, 7 Feb 2012 22:09:45 +0800
Message-ID: 
 <CAFHQjKwH4w6WC5fFa4aHDmtLti-gryMqBFjANg8WLE5PnbeeUQ@mail.gmail.com>
Subject: Re: What's the best practice of loading logs into hdfs while using
 hive to do log analytic?
From: Xiaobin She <xiaobinshe@gmail.com>
To: user@hive.apache.org, common-user@hadoop.apache.org
Cc: =?GB2312?B?2dzP/rHy?= <xiaobinshe@gmail.com>
Content-Type: multipart/alternative; boundary=0016e6d460a6cc570f04b860543e

--0016e6d460a6cc570f04b860543e
Content-Type: text/plain; charset=ISO-8859-1

hi Bejoy and Alex,

thank you for your advice.

Actually I have look at Scribe first, and I have heard of Flume.

I look at flume's user guide just now, and flume seems promising, as Bejoy
said , the flume collector can dump data into hdfs when the collector
buffer reaches a particular size of after a particular time interval, this
is good and I think it can solve the problem of data delivery latency.

But what about compress?

from the user's guide of flume, I see that flum supports compression  of
log files, but if flume did not wait until the collector has collect one
hour of log and then compress it and send it to hdfs, then it will  send
part of the one hour log to hdfs, am I right?

so if I want to use thest data in hive (assume I have an external table in
hive), I have to specify at least two partiton key while creating table,
one for day-month-hour, and one for some other time interval like ten
miniutes, then I add hive partition to the existed external table with
specified partition key.

Is the above process right ?

If this right, then there could be some other problem, like the ten miniute
logs after compress is not big enough to fit the block size of hdfs which
may couse lots of small files ( for some of our log id, this may come
true), or if I set the time interval to be half an hour, then at the end of
hour, it may still cause the data delivery latency problem.

this seems not a very good solution, am I making some mistakes or
misunderstanding here?

thank you very much!


2012/2/7 alo alt <wget.null@googlemail.com>

> Hi,
>
> a first start with flume:
>
> http://mapredit.blogspot.com/2011/10/centralized-logfile-management-across.html
>
> Facebook's scribe could also be work for you.
>
> - Alex
>
> --
> Alexander Lorenz
> http://mapredit.blogspot.com
>
> On Feb 7, 2012, at 11:03 AM, Xiaobin She wrote:
>
> > Hi all,
> >
> > Sorry if it is not appropriate to send one thread into two maillist.
> > **
> > I'm tring to use hadoop and hive to do some log analytic jobs.
> >
> > Our system generate lots of logs every day, for example, it produce about
> > 370GB logs(including lots of log files) yesterday, and every day the logs
> > increases.
> >
> > And we want to use hadoop and hive to replace our old log analysic
> system.
> >
> > We distinguish our logs with logid, we have an log collector which will
> > collect logs from clients and then generate log files.
> >
> > for every logid, there will be one log file every hour, for some logid,
> > this hourly log file can be 1~2GB
> >
> > I have set up an test cluster with hadoop and hive, and I have run some
> > test which seems good for us.
> >
> > For reference, we will create one table in hive for every logid which
> will
> > be partitoned by hour.
> >
> > Now I have a question, what's the best practice for loading logs files
> into
> > hdfs or hive warehouse dir ?
> >
> > My first thought is,  at the begining of every hour,  compress the log
> file
> > of the last hour of every logid and then use the hive cmd tool to load
> > these compressed log files into hdfs.
> >
> > using  commands like "LOAD DATA LOCAL inpath '$logname' OVERWRITE  INTO
> > TABLE $tablename PARTITION (dt='$h') "
> >
> > I think this can work, and I have run some test on our 3-nodes test
> > clusters.
> >
> > But the problem is, there are lots of logid which means there are lots of
> > log files,  so every hour we will have to load lots of files into hdfs
> > and there is another problem,  we will run hourly analysis job on these
> > hourly collected log files,
> > which inroduces the problem, because there are lots of log files, if we
> > load these log files at the same time at the begining of every hour, I
> > think  there will some network flows and there will be data delivery
> > latency problem.
> >
> > For data delivery latency problem, I mean it will take some time for the
> > log files to be copyed into hdfs,  and this will cause our hourly log
> > analysis job to start later.
> >
> > So I want to figure out if we can write or append logs into an compressed
> > file which is already located in hdfs, and I have posted an thread in the
> > mailist, and from what I have learned, this is not possible.
> >
> >
> > So, what's the best practice of loading logs into hdfs while using hive
> to
> > do log analytic?
> >
> > Or what's the common methods to handle problem I have describe above?
> >
> > Can anyone give me some advices?
> >
> > Thank you very much for your help!
>
>

--0016e6d460a6cc570f04b860543e
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable

hi Bejoy and Alex,<br><br>thank you for your advice.<br><br>Actually I have=
 look at Scribe first, and I have heard of Flume.<br><br>I look at flume=
9;s user guide just now, and flume seems promising, as Bejoy said , the flu=
me collector can dump data into hdfs when the collector buffer=20
reaches a particular size of after a particular time interval, this is good=
 and I think it can solve the problem of data delivery latency.<br><br>But =
what about compress?<br><br>from the user&#39;s guide of flume, I see that =
flum supports compression=A0 of log files, but if flume did not wait until =
the collector has collect one hour of log and then compress it and send it =
to hdfs, then it will=A0 send part of the one hour log to hdfs, am I right?=
<br>
<br>so if I want to use thest data in hive (assume I have an external table=
 in hive), I have to specify at least two partiton key while creating table=
, one for day-month-hour, and one for some other time interval like ten min=
iutes, then I add hive partition to the existed external table with specifi=
ed partition key.<br>
<br>Is the above process right ?<br><br>If this right, then there could be =
some other problem, like the ten miniute logs after compress is not big eno=
ugh to fit the block size of hdfs which may couse lots of small files ( for=
 some of our log id, this may come true), or if I set the time interval to =
be half an hour, then at the end of hour, it may still cause the data deliv=
ery latency problem.<br>
<br>this seems not a very good solution, am I making some mistakes or misun=
derstanding here?<br><br>thank you very much!<br><br><br><br><br><br><div c=
lass=3D"gmail_quote">2012/2/7 alo alt <span dir=3D"ltr">&lt;<a href=3D"mail=
to:wget.null@googlemail.com" target=3D"_blank">wget.null@googlemail.com</a>=
&gt;</span><br>
<blockquote class=3D"gmail_quote" style=3D"margin:0 0 0 .8ex;border-left:1p=
x #ccc solid;padding-left:1ex">
Hi,<br>
<br>
a first start with flume:<br>
<a href=3D"http://mapredit.blogspot.com/2011/10/centralized-logfile-managem=
ent-across.html" target=3D"_blank">http://mapredit.blogspot.com/2011/10/cen=
tralized-logfile-management-across.html</a><br>
<br>
Facebook&#39;s scribe could also be work for you.<br>
<br>
- Alex<br>
<span><font color=3D"#888888"><br>
--<br>
Alexander Lorenz<br>
<a href=3D"http://mapredit.blogspot.com" target=3D"_blank">http://mapredit.=
blogspot.com</a><br>
</font></span><div><br>
On Feb 7, 2012, at 11:03 AM, Xiaobin She wrote:<br>
<br>
&gt; Hi all,<br>
&gt;<br>
&gt; Sorry if it is not appropriate to send one thread into two maillist.<b=
r>
</div>&gt; **<br>
<div><div>&gt; I&#39;m tring to use hadoop and hive to do some log analytic=
 jobs.<br>
&gt;<br>
&gt; Our system generate lots of logs every day, for example, it produce ab=
out<br>
&gt; 370GB logs(including lots of log files) yesterday, and every day the l=
ogs<br>
&gt; increases.<br>
&gt;<br>
&gt; And we want to use hadoop and hive to replace our old log analysic sys=
tem.<br>
&gt;<br>
&gt; We distinguish our logs with logid, we have an log collector which wil=
l<br>
&gt; collect logs from clients and then generate log files.<br>
&gt;<br>
&gt; for every logid, there will be one log file every hour, for some logid=
,<br>
&gt; this hourly log file can be 1~2GB<br>
&gt;<br>
&gt; I have set up an test cluster with hadoop and hive, and I have run som=
e<br>
&gt; test which seems good for us.<br>
&gt;<br>
&gt; For reference, we will create one table in hive for every logid which =
will<br>
&gt; be partitoned by hour.<br>
&gt;<br>
&gt; Now I have a question, what&#39;s the best practice for loading logs f=
iles into<br>
&gt; hdfs or hive warehouse dir ?<br>
&gt;<br>
&gt; My first thought is, =A0at the begining of every hour, =A0compress the=
 log file<br>
&gt; of the last hour of every logid and then use the hive cmd tool to load=
<br>
&gt; these compressed log files into hdfs.<br>
&gt;<br>
&gt; using =A0commands like &quot;LOAD DATA LOCAL inpath &#39;$logname&#39;=
 OVERWRITE =A0INTO<br>
&gt; TABLE $tablename PARTITION (dt=3D&#39;$h&#39;) &quot;<br>
&gt;<br>
&gt; I think this can work, and I have run some test on our 3-nodes test<br=
>
&gt; clusters.<br>
&gt;<br>
&gt; But the problem is, there are lots of logid which means there are lots=
 of<br>
&gt; log files, =A0so every hour we will have to load lots of files into hd=
fs<br>
&gt; and there is another problem, =A0we will run hourly analysis job on th=
ese<br>
&gt; hourly collected log files,<br>
&gt; which inroduces the problem, because there are lots of log files, if w=
e<br>
&gt; load these log files at the same time at the begining of every hour, I=
<br>
&gt; think =A0there will some network flows and there will be data delivery=
<br>
&gt; latency problem.<br>
&gt;<br>
&gt; For data delivery latency problem, I mean it will take some time for t=
he<br>
&gt; log files to be copyed into hdfs, =A0and this will cause our hourly lo=
g<br>
&gt; analysis job to start later.<br>
&gt;<br>
&gt; So I want to figure out if we can write or append logs into an compres=
sed<br>
&gt; file which is already located in hdfs, and I have posted an thread in =
the<br>
&gt; mailist, and from what I have learned, this is not possible.<br>
&gt;<br>
&gt;<br>
&gt; So, what&#39;s the best practice of loading logs into hdfs while using=
 hive to<br>
&gt; do log analytic?<br>
&gt;<br>
&gt; Or what&#39;s the common methods to handle problem I have describe abo=
ve?<br>
&gt;<br>
&gt; Can anyone give me some advices?<br>
&gt;<br>
&gt; Thank you very much for your help!<br>
<br>
</div></div></blockquote></div><br>

--0016e6d460a6cc570f04b860543e--