We’re thinking about putting up a data warehouse system to load with web access logs that our web servers generate. The idea is to load the data in real-time.
To the user we want to present a line graph of the data and enable the user to drill down using the dimensions.
The question is how to balance and design the system so that:
(1) the data can be fetched and presented to the user in real-time (<2 seconds),
(2) data can be aggregated on a per-hour and per-day basis, and
(3) a large amount of data can still be stored in the warehouse.
Our current data-rate is roughly ~10 accesses per second which gives us ~800k rows per day. My simple tests with MySQL and a simple star schema show that my queries start to take longer than 2 seconds when we have more than 8 million rows.
Is it possible to get real-time query performance from a “simple” data warehouse like this,
and still have it store a lot of data (it would be nice to be able to never throw away any data)?
Are there ways to aggregate the data into higher resolution tables?
I got a feeling that this isn’t really a new question (I’ve googled quite a lot though). Could maybe someone give pointers to data warehouse solutions like this? One that comes to mind is Splunk.
Maybe I’m grasping for too much.
UPDATE
My schema looks like this:
- dimensions:
  - client (ip-address)
  - server
  - url
- facts:
  - timestamp (in seconds)
  - bytes transmitted
Doesn’t sound like it would be a problem. MySQL is very fast.
For storing logging data, use MyISAM tables — they’re much faster and well suited for web server logs. (I think InnoDB is the default for new installations these days – foreign keys and all the other features of InnoDB aren’t necessary for the log tables). You might also consider using merge tables – you can keep individual tables to a manageable size while still being able to access them all as one big table.
If you’re still not able to keep up, then get yourself more memory, faster disks, a RAID, or a faster system, in that order.
Also: Never throwing away data is probably a bad idea. If each line is about 200 bytes long, you’re talking about a minimum of 50 GB per year, just for the raw logging data. Multiply by at least two if you have indexes. Multiply again by (at least) two for backups.
You can keep it all if you want, but in my opinion you should consider storing the raw data for a few weeks and the aggregated data for a few years. For anything older, just store the reports. (That is, unless you are required by law to keep it around. Even then, it probably won’t be for more than 3-4 years).
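
The "raw data for a few weeks, aggregated data for a few years" approach, as an added example that is not part of the question or the answer above: raw rows are folded into an hourly table, daily graph data is read from that table only, and raw rows are purged only once their hour has a rollup. SQLite stands in for MySQL so the block runs offline; the table names, function names and sample rows are assumptions made for illustration.

```python
import sqlite3

# Constructed sample rows: (unix_ts, client_ip, server, url, bytes_sent)
SAMPLE = [
    (1700000000, "192.0.2.10", "web1", "/index.html", 5120),
    (1700000030, "192.0.2.10", "web1", "/index.html", 5120),
    (1700001800, "192.0.2.11", "web1", "/login", 900),
    (1700003700, "192.0.2.10", "web2", "/index.html", 5120),
    (1700090000, "192.0.2.12", "web1", "/login", 900),
]
# The rollup drops the client dimension (high cardinality), so per-IP
# drill-down is only possible for as long as the raw rows are retained.
SCHEMA = """
CREATE TABLE access_raw (ts INTEGER, client TEXT, server TEXT, url TEXT, bytes INTEGER);
CREATE TABLE access_hourly (hour_start INTEGER, server TEXT, url TEXT,
    hits INTEGER, bytes INTEGER, PRIMARY KEY (hour_start, server, url));
"""

def open_db(rows=SAMPLE):
    db = sqlite3.connect(":memory:")
    db.executescript(SCHEMA)
    db.executemany("INSERT INTO access_raw VALUES (?,?,?,?,?)", rows)
    db.commit()
    return db

def rollup(db, now):
    """Rebuild hourly rows for every closed hour still in raw; safe to re-run."""
    with db:
        db.execute("""
            INSERT OR REPLACE INTO access_hourly
            SELECT ts / 3600 * 3600, server, url, COUNT(*), SUM(bytes)
            FROM access_raw WHERE ts < ?
            GROUP BY ts / 3600 * 3600, server, url""", (now // 3600 * 3600,))

def purge_raw(db, now, keep_secs):
    """Drop raw rows past retention, but only hours that already have a rollup."""
    cutoff = (now - keep_secs) // 3600 * 3600  # whole hours only
    with db:
        return db.execute("""
            DELETE FROM access_raw WHERE ts < ?
            AND ts / 3600 * 3600 IN (SELECT hour_start FROM access_hourly)""",
            (cutoff,)).rowcount

def daily_series(db):
    """Per-day (UTC day_start, hits, bytes) for the graph, read from hourly only."""
    return db.execute("""
        SELECT hour_start / 86400 * 86400, SUM(hits), SUM(bytes)
        FROM access_hourly GROUP BY hour_start / 86400 * 86400
        ORDER BY 1""").fetchall()
```

Because the purge cutoff is aligned to an hour boundary, any hour still present in the raw table is complete, which is what makes re-running `rollup` after a purge harmless.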