Data/ML Engineer Blog

Apache Druid Architecture & Real-Time Best Practices (Kafka, Rollup, Partitioning)

Apache Druid is a distributed data storage solution that is open source. Its fundamental architecture merges concepts from data warehouses, time series databases, and search technologies to deliver a high-performance analytics database capable of handling a diverse array of applications. By integrating the essential features from these three types of systems, Druid optimizes its ingestion process, storage method, querying capabilities, and overall structure. Each column is stored and compressed separately, allowing the system to access only the relevant columns for a specific query, which enhances speed for scans, rankings, and groupings. Additionally, Druid constructs inverted indexes for string data to facilitate rapid searching and filtering. It also includes pre-built connectors for various platforms such as Apache Kafka, HDFS, and AWS S3, as well as stream processors and others. The system adeptly partitions data over time, making queries based on time significantly quicker than those in conventional databases. Users can easily scale resources by simply adding or removing servers, and Druid will manage the rebalancing automatically. Furthermore, its fault-tolerant design ensures resilience by effectively navigating around any server malfunctions that may occur. This combination of features makes Druid a robust choice for organizations seeking efficient and reliable real-time data analytics solutions.

Pitch ideas (choose any; I can write all of them)

  1. “Apache Druid vs. Building on OLAP Databases: When Real-Time Rollup Beats ETL” — Keyword intent: Apache Druid real-time analytics, Druid rollup, real-time OLAP. Focus: when Druid’s rollup + streaming ingestion outperforms batch OLAP stacks for product analytics and ops monitoring.
  2. “Designing a Druid Cluster: Brokers, Historicals, and Indexers Explained” — Keyword intent: Apache Druid architecture, Druid components, Druid cluster sizing. Straightforward, mid-level deep dive on core services and how to scale each.
  3. “Streaming at Scale with Druid + Kafka: Exactly-Once Ingestion and Tuning” — Keyword intent: Druid Kafka ingestion, exactly once, supervisor spec. Practical guide with minimal JSON specs and operational guardrails.
  4. “Data Modeling in Apache Druid: Timestamps, Dimensions, Metrics, and Partitioning” — Keyword intent: Druid schema model, Druid partitioning, segment size. Shows how to pick granularity, rollup dimensions, and target rows/segment.
  5. “Faster Queries in Druid: Vectorization, Indexes, and Query Context Settings” — Keyword intent: Druid performance tuning, vectorized queries, query context. Hands-on knobs mid-level engineers can turn safely.
  6. “Operating Druid: Deep Storage, Compaction, and Cost Control” — Keyword intent: Druid deep storage S3 HDFS, compaction, segment management. Practical ops patterns and budgets.

Introduction: why Druid matters now

You’ve got clickstreams, events, and metrics landing nonstop. Stakeholders want dashboards to update now, not after tonight’s ETL. Apache Druid is built for that moment: sub-second “slice-and-dice” analytics on fresh streams with high concurrency and uptime. Think product analytics, operational intelligence, fraud/abuse dashboards, and API-served aggregates. (Apache Druid)

Druid in one picture (concepts & architecture)

A Druid cluster separates concerns so you can scale reads, writes, and coordination independently:

  • Brokers accept SQL/native queries, fan them out, and merge results.
  • Historicals serve immutable segment files for fast OLAP scans.
  • Indexers/MiddleManagers & Peons run ingestion tasks (batch and stream).
  • Coordinators balance segments across Historicals; Overlords manage indexing tasks.
  • Deep storage (S3/GCS/Azure/HDFS/NFS) holds the canonical segment files. Historicals cache what they serve locally, but the source of truth lives in deep storage. (Apache Druid)

Data model and storage

  • Data lives in datasources (table-like), partitioned by a primary timestamp (must exist) and optionally clustered/hashed by other dimensions.
  • Data is stored in segments (columnar files). A solid starting target is ~5M rows/segment, then iterate with compaction. (Apache Druid)

Why deep storage matters

Because segments are immutable and persisted in deep storage, you can recover even if every server disappears. It also enables cost-efficient scaling and rolling restarts without data loss. (Apache Druid)

Real-time ingestion: Kafka + exactly-once

Druid offers native streaming ingestion from Kafka and Kinesis, with exactly-once guarantees via partition/offset tracking and supervisor-managed task handoffs. You get “query on arrival” while data is still flowing. (Apache Druid)

Minimal Kafka supervisor (trimmed for clarity):

{
  "type": "kafka",
  "spec": {
    "dataSchema": {
      "dataSource": "clicks_rt",
      "timestampSpec": {"column": "ts", "format": "iso"},
      "dimensionsSpec": {"dimensions": ["user_id","country","device"]},
      "metricsSpec": [{"type":"count", "name":"rows"}, {"type":"longSum","name":"clicks","fieldName":"clicks"}],
      "granularitySpec": {"segmentGranularity":"HOUR","queryGranularity":"MINUTE","rollup": true}
    },
    "ioConfig": {"topic": "clicks", "inputFormat": {"type":"json"}, "replicas": 2},
    "tuningConfig": {"maxRowsInMemory": 100000, "maxRowsPerSegment": 5000000}
  }
}

(See official Kafka ingestion docs for full supervisor spec and options.) (Apache Druid)

Rollup: compression, cost, and the trade-off

Rollup aggregates rows at ingestion time (by chosen dimensions + time bucket), shrinking storage and speeding queries—often by orders of magnitude. The cost: you lose per-event visibility after rollup. Use it when your queries are aggregate-centric (counts, sums, uniques) and you can tolerate not retrieving raw events. (Apache Druid)

Quick guide

Use rollup when…Avoid rollup when…
Dashboards and percentiles over timeYou must retrieve individual events
Cardinality is manageable on group-by keysDimensions are highly cardinal or ad-hoc
Storage/cost must be minimizedForensics or exact replay is required

Querying: SQL + native queries

Druid supports both SQL and native JSON query APIs; common OLAP patterns are TIMESERIES, GROUP BY, and TOPN. Vectorized execution can accelerate GroupBy/Timeseries by processing data in batches. (Apache Druid)

Example (Druid SQL): hourly active users by country

SELECT
  TIME_FLOOR(__time, 'PT1H') AS hour,
  country,
  COUNT(*) AS events,
  SUM(clicks) AS clicks
FROM clicks_rt
WHERE __time >= CURRENT_TIMESTAMP - INTERVAL '24' HOUR
GROUP BY 1, 2
ORDER BY hour, country
LIMIT 500;

Partitioning & segments: getting it right

  • Primary partitioning is always time; choose segmentGranularity to match your query windows (HOUR vs DAY).
  • Add secondary partitioning (hashing or single-dimension ranges) when scans over a dimension are frequent—this improves locality, compression, and query time.
  • Tune for ~millions of rows per segment, then enable compaction to keep segments right-sized. (Apache Druid)

Cluster patterns that scale

  • Start with the reference cluster: Coordinator+Overlord on a master node; Historicals+MiddleManagers on data nodes; Broker+Router on query nodes. Scale each tier based on ingestion or query pressure. (Apache Druid)
  • Keep deep storage on S3/GCS/Azure or HDFS for durability; Historicals cache hot segments locally. (Apache Druid)

Best practices (safe for mid-level engineers)

  1. Model deliberately. Always define a clear timestamp, pick stable dimensions/metrics, and set queryGranularity to match dashboard resolution (minute/hour). (Apache Druid)
  2. Use rollup where it counts. Start with rollup on common group-by keys; keep a raw datasource only if you truly need event-level reads. (Apache Druid)
  3. Right-size segments. Target ~5M rows; enable automatic compaction to fix drift over time. (Apache Druid)
  4. Stream with exactly-once. Prefer Kafka/Kinesis native ingestion; tune supervisor parallelism and replicas for throughput and HA. (Apache Druid)
  5. Turn on vectorization when eligible. It can materially speed up GroupBy/Timeseries; check query-context requirements. (Apache Druid)
  6. Plan for multitenancy. Decide early: single shared datasource with a tenant dimension, or datasource per tenant. Each has cost/query-isolation trade-offs. (Apache Druid)
  7. Operate like you’ll migrate. Keep deep storage portable (S3/HDFS). Druid’s export/migration tooling helps move segments cleanly. (Apache Druid)

Common pitfalls (and how to dodge them)

  • Over-cardinality dimensions explode index size and crush rollup. Bucket or hash PII/user-ids; don’t roll up on unique IDs. (Apache Druid)
  • Too-fine segment granularity (e.g., MINUTE) leads to millions of tiny segments: slow coordination, high overhead. Prefer HOUR/DAY and rely on query granularity for precision. (Apache Druid)
  • Forgetting the trade-off of rollup. If you’ll ever need per-event retrieval, keep a parallel raw datasource. (Apache Druid)
  • Misplaced expectations about “updates.” Druid rewrites segments (replace/append/tombstones); it’s not row-level UPDATE/DELETE. Design pipelines accordingly. (Apache Druid)

Conclusion & takeaways

Apache Druid shines when you need fresh, aggregated answers fast—and at scale. Architect for time-partitioned, immutable segments in deep storage; pick sane rollup and segment sizes; and use native Kafka ingestion. Start with safe defaults, then iterate with compaction and vectorization.

What to do next

  • Build a small, production-like cluster and ingest one high-value stream (e.g., product events).
  • Validate rollup vs. raw side-by-side; measure latency, cost, and query coverage.
  • Add compaction and multitenant strategy before you on-board more teams.

Internal link ideas (official docs only)

Image prompt (for AI tools)

“A clean, modern data architecture diagram of an Apache Druid cluster showing Brokers, Historicals, MiddleManagers/Indexers, deep storage, and Kafka ingestion streams — minimalistic, high contrast, isometric 3D style.”

Tags

#NoSQL #ApacheDruid #RealTimeAnalytics #Kafka #DataEngineering #OLAP #StreamingData #Scalability #Rollup #BigData