The versatility of Apache Spark’s API for both batch/ETL and streaming workloads brings the promise of lambda architecture to the real world.html
Few things help you concentrate like a last-minute change to a major project.react
One time, after working with a customer for three weeks to design and implement a proof-of-concept data ingest pipeline, the customer’s chief architect told us:git
You know, I really like the design – I like how data is validated on arrival. I like how we store the raw data to allow for exploratory analysis while giving the business analysts pre-computed aggregates for faster response times. I like how we automatically handle data that arrives late and changes to the data structure or algorithms.github
But, he continued, I really wish there was a real-time component here. There is a one-hour delay between the point when data is collected until it’s available in our dashboards. I understand that this is to improve efficiency and protect us from unclean data. But for some of our use cases, being able to react immediately to new data is more important than being 100% certain of data validity.apache
Can we quickly add a real-time component to the POC? It will make the results much more impressive for our users.api
Without directly articulating it, the architect was referring to what we call the lambda architecture – originally proposed by Nathan Marz – which usually combines batch and real-time components. One often needs both because data arriving in real-time has inherent issues: there is no guarantee that each event will arrive exactly once, so there may be duplicates that will add noise to the data. Data that arrives late due to network or server instability also routinely causes problems. The lambda architecture handles these issues by processing the data twice — once in the real-time view, and a second time in the batch process – to give you one view that is fast, and one that is reliable.promise
But this approach comes with a cost: you’ll have to implement and maintain the same business logic in two different systems. For example, if your batch system is implemented with Apache Hive or Apache Pig and your real-time system is implemented with Apache Storm, you need to write and maintain the same aggregates in SQL and in Java. As Jay Kreps noted in his article 「Questioning the Lambda Architecture,」 this situation very quickly becomes a maintenance nightmare.app
Had we implemented the customer’s POC system in Hive, I would have had to tell him: 「No, there is not enough time left to re-implement our entire aggregation logic in Storm.」 But fortunately, we were using Apache Spark, not Hive, for the customer’s aggregation logic.less
Spark is well known as a framework for machine learning, but it is also quite capable for ETL tasks, as well. Spark has clean and easy-to-use APIs (far more readable and with less boilerplate code than MapReduce), and its REPL interface allows for fast prototyping of logic with business users. Obviously, no one complains when the aggregates execute significantly faster than they would with MapReduce.socket
But the biggest advantage Spark gave us in this case was Spark Streaming, which allowed us to re-use the same aggregates we wrote for our batch application on a real-time data stream. We didn’t need to re-implement the business logic, nor test and maintain a second code base. As a result, we could rapidly deploy a real-time component in the limited time left — and impress not just the users but also the developers and their management.
Here’s a quick and simple example of how this was done. (For simplicity, only the most important steps are included.) You can see the complete source code here.
def countErrors(rdd: RDD[String]): RDD[(String, Int)] = { rdd .filter(_.contains("ERROR")) // Keep "ERROR" lines .map( s => (s.split(" ")(0), 1) ) // Return tuple with date & count .reduceByKey(_+_) // Sum counts for each date }
In the function we filter all lines that contain 「ERROR」, then use a map function to set the first word in the line (the date) as the key. Then we run reduce by key
to count the number of errors we got for each day.
As you can see, the function transforms one RDD into another. RDD’s are Spark’s main data structure– essentially partitioned, replicated collections. Spark hides the complexity of handling distributed collections from us, and we can work with them like we would with any other collection.
val sc = new SparkContext(conf) val lines = sc.textFile(...) val errCount = countErrors(lines) errCount.saveAsTextFile(...)
In this example we initialized a SparkContext
to execute our code within a Spark cluster. (Note that this is not necessary if you use the Spark REPL, where the SparkContext
is initialized automatically.) Once the SparkContext
is initialized, we use it to read lines from a file into an RDD and then execute our error count function and save the result back to a file.
The URLs in spark.textFile
and errCount.saveAsTextFile
can be placed in HDFS by using hdfs://…
or to files in local filesystem, Amazon S3, and so on.
val ssc = new StreamingContext(sparkConf, 60) // Create the DStream from data sent over the network val dStream = ssc.socketTextStream(args(1), args(2).toInt, StorageLevel.MEMORY_AND_DISK_SER) // Counting the errors in each RDD in the stream val errCountStream = dStream.transform(rdd => ErrorCount.countErrors(rdd)) // printing out the current error count errCountStream.foreachRDD(rdd => { System.out.println("Errors this minute:%d".format(rdd.first()._2)) }) // creating a stream with running error count val stateStream = errCountStream.updateStateByKey[Int](updateFunc) // printing the running error count stateStream.foreachRDD(rdd => { System.out.println("Errors today:%d".format(rdd.first()._2)) })
Once again, we are initializing a context – this time, it’s a SteamingContext
. StreamingContext
takes a stream of events (in this case from a network socket; production architecture will use a reliable service like Apache Kafka instead) and turns them into a stream of RDDs.
Each RDD represents a micro-batching of the stream. The duration of each micro-batch is configurable (in this case 60-second batches), and can serve to balance between throughput (larger batches) and latency (smaller batches).
We run a map job on the DStream
, using our countErrors
function to transform each RDD of lines from the stream into an RDD of (date, errorCount)
.
For each RDD we output the error count for this specific batch, and use the same RDD to update a stream with running totals of the counts. We use this stream to print the running totals.
For simplicity you could print the output to screen, but you can also save it to HDFS, Apache HBase, or Kafka, where real-time applications and users can use it.
To recap: Spark Streaming lets you implement your business logic function once, and then reuse the code in a batch ETL process as well as a streaming process. In the customer engagement I described previously, this versatility allowed us to very quickly implement (within hours) a real-time layer to complement the batch-processing one, impress users and management with a snazzy demo, and make our flight home. But its not just a short term POC win. In the long term, our architecture will require less maintenance overhead and have lower risk for errors resulting from duplicate code bases.
Thanks to Hari Shreedharan, Ted Malaska, Grant Henke, and Sean Owen for their valuable input and feedback.
Gwen Shapira is a Software Engineer (and former Solutions Architect) at Cloudera. She is also a co-author of the forthcoming book Hadoop Application Architectures from O’Reilly Media.