Category: Apache Drill

Splunk and SQL, Together at last?

Published July 24, 2020

For the last few years, I’ve been involved with Splunk engineering. I found this to be somewhat ironic since I’ve haven’t used Splunk as a user for a really long time. I was never a fan of the Splunk query language (SPL) for a variety of reasons, the main one being that I didn’t want to spend the time to learn a proprietary language that is about as elegant as a 1974 Ford Pinto. I had worked on a few projects over the years that involved doing machine learning on data in Splunk. which presented a major challenge. While Splunk does have a machine learning toolkit (MLTK), which is basically a wrapper for scikit-learn, doing feature engineering in SPL is a nightmare.

So, how DO you do machine learning in Splunk?

You don’t.

No,Really… How do you do machine learning in Splunk?

Ok… People actually do machine learning in Splunk, but IMHO, this is not the best way to do it, for several reasons. Most of the ML work I’ve seen done in Splunk involves getting the data out of Splunk. With that being the case, the first thing I would recommend to anyone attempting to do ML in Splunk is to take a look at huntlib (https://github.com/target/huntlib) which is a python module to facilitate getting data out of Splunk. Huntlib makes this relatively easy and you can get your data from Splunk right into a Pandas DataFrame. But, you still have to know SPL or you do a basic SPL search and do all your data wrangling in Python. Could there be a better way?

4 Comments

Explore REST APIs without Code!

Explore REST APIs without Code!

Published May 12, 2020

One of the big challenges a data scientist faces is the amount of data that is not in convenient formats. One such format are REST APIs. In large enterprises, these are especially problematic for several reasons. Often a considerable amount of reference data is only accessible via REST API which means that to access this data, users are required to learn enough Python or R to access this data. But what if you don’t want to code?

The typical way I’ve seen this dealt with is to create a duplicate of the reference data in an analytic system such as Splunk or Elasticsearch. The problems with this approach are manifold. First, there is the engineering effort (which costs time and money) to set up the data flow. On top of that, you now have the duplicate cost of storage and now you are maintaining multiple versions of the same information.

Another way I’ve seen is for each API owner to provide a graphical interface for their API, which is good, but the issue there is that now the data is stove-piped and can’t be joined with other data, which defeats its purpose altogether. There has to be a better way…

Take a look at the video tutorial below to see a demo!

4 Comments

Visualize Anything with Superset and Drill

Published March 25, 2019

Happy New Year everyone! I’ve been taking a bit of a blog break after completing Learning Apache Drill, teaching a few classes, and some personal travel but I’m back now and have a lot planned for 2019! One of my long standing projects is to get Apache Drill to work with various open source visualization and data flow tools. I attended the Strata conference in San Jose in 2016 where I attended Maxime Beauchemin’s talk (slides available here) where he presented the tool then known as Caravel and I was impressed, really really impressed. I knew that my mission after the conference would be to get this tool to work with Drill. A little over two years later, I can finally declare victory. Caravel went through a lot of evolution. It is now an Apache Incubating project and the name has changed to Apache (Incubating) Superset.

UPDATE: The changes to Superset have been merged, so you can just install Superset as described on their website.

9 Comments

Drilling Security Data

Drilling Security Data

Published August 16, 2018

Last Friday, the Apache Drill released Drill version 1.14 which has a few significant features (plus a few that are really cool!) that will enable you to use Drill for analyzing security data. Drill 1.14 introduced:

A logRegex reader which enables Drill to read anything you can describe with a Regex
An image metadata reader, which enables you to query images
A suite a of GIS functionality
A collection of phonetic and string distance functions which can be used for approximate string matching.

These suite of functionality really expands what is possible with Drill, and makes analysis of many different types of data possible. This brief tutorial will walk you through how to configure Apache Drill to query log files, or any file really that can be matched with a regex.

1 Comment

The Best Of Both Worlds: Joining Online And Local Datasets With Apache Drill

The Best Of Both Worlds: Joining Online And Local Datasets With Apache Drill

Published May 16, 2017

data.world is rapidly establishing itself as the premier site for data scientists and analysts to host and collaborate on datasets. I have been impressed with data.world’s growth and interested in starting to use the platform in my professional projects. On data.world, datasets can be open and visible to the general public or they can be private, with visibility limited to select contributors. That is sufficient to guarantee the privacy of the data most of the time. However, in some cases, you may be explicitly prohibited from uploading data to the cloud.

Would it be possible to use data.world in a project even when part of the data must not live in the cloud?

It didn’t take me long to answer that question. Fortunately, I also have been doing a meaningful amount of experimentation and development with Apache Drill over the last few years. What impresses me about Drill is its versatility and potential to dramatically increase analytic productivity, open up previously inaccessible data sources, query across data silos, and do so with the common language of ANSI SQL.

As I began experimenting with both, I couldn’t help but wonder if it might be possible to somehow combine the two.

Well, it turns out, it is…

The Biggest Problem in Data Science and How to Fix It

Published November 6, 2016

Imagine you have some process in your organization’s workflow that consumes 50%-90% of your staff’s time and contributes no value to the end result. If you work in the data science or data analytics fields you don’t have to imagine that because I’ve just described what is, in my view, the biggest problem in advanced analytics today: the Extract/Transform/Load (ETL) process. This range doesn’t come from thin air. Studies from a few years ago from various sources concluded that data scientists were spending between 50%-90% of their time preparing their data for analysis. (Example from Forbes, DatascienceCentral, New York Times) Furthermore, 76% of data scientists consider data preparation the least enjoyable part of their job, according to Forbes.

If you go to any trade show and walk the expo halls, you’ll see the latest whiz-bang tools to “leverage big data analytics in the cloud”, and you’ll be awed by some amazing visualization tools. Many of these new products can do amazing things… once they have data, which brings us back to our original problem…that in order to use the latest whiz-bang tool you still have to invest considerable amounts of time in data prep. The tools seem to skip that part, and focus on the final 10% of the process.

1 Comment

Drill UDF List

Drill UDF List

Published August 25, 2016

drillLogo I’ve been working on developing some custom functions for Drill, or User Defined Functions and I realized that there really should be a repository for Drill UDFs. I’ve decided to create a page with links to all the UDFs that I know of. I’ll keep this updated, so please if you have Drill UDFs that you want to share, please email me a link and I’ll put it up.

A Few Exciting Tool Announcements!

Published November 27, 2015

I hope everyone is enjoying Thanksgiving! This week, there were several new developments in terms of data science tools which I would like to highlight. I am a big believer of staying up to date in terms of what new tools are being developed in that you can make yourself much more efficient by better using the available tools. Both tools highlighted here represent significant potential in terms of being able to get data more efficiently and being able to more effectively present data.

Apache Drill Releases version 1.3.

On 23 November, the Drill team released Drill version 1.3. The complete release notes are available here, but for me, the biggest improvement is the text file header parsing.

In my opinion, one of the things Drill did very poorly in previous versions was CSV parsing. In prior versions, when you used Drill to query a CSV file, Drill would store each row into an array called Columns, and if you were querying a CSV file in Drill you had to use the columns array and assign each column a name:
SELECT columns[0] AS firstName, columns[1] as lastName FROM cp.`somefile.csv`
This clearly was a less than optimal solution and results in very convoluted queries. However, with the advent of version 1.3, Drill now can be configured to derive the column names from the original CSV file. You can still configure drill to operate in the old manner, but I can’t imagine you’d want to, and you can write queries like this for CSV files:
SELECT firstName, lastName FROM cp`.somefile.csv`

Drill will still work with data that has no headers. It treats this kind of data as it used to in the past.

The HTTPD log parser still hasn’t made it into a stable version, but I’m following the conversation between the developers closely and it looks like it will be included in version 1.4.

Plot.ly Now Open Source

If you are into data visualization (and what data scientist shouldn’t be?) you’ll be pleased to know that as of a few days ago, the JavaScript library Plot.ly is now completely free and open source. I teach a lot of data science classes and clearly a subject which we feature in our training is data visualization. The unfortunate reality that I have encountered is that if you want to create really nice visualizations quickly, you either:

Have to pay a lot of money for BI tools such as Tableau or RShiny. OR
Learn to code in JavaScript and create them using D3.

It is true that several easy to use libraries such as Bokeh, Seaborn, Vincent and a few others are getting a lot better. Also Apache Zeppelin is a promising notebook-like tool which enables quick, interactive data visualization, but I digress…

What is Plot.ly and Why Should I Care?

Plot.ly is a JavaScript framework for easily making beautiful interactive visualizations, however you don’t actually have to know JavaScript to use it for visualizations. While Plot.ly is a JavaScript library, it also has APIs for Python / Jupyter Notebooks, R, Excel and a few others. Most of this was open source, but until last week, the JavaScript library that actually generated the visualization was closed. No Longer!
In any event, just as a quick demonstration, the code below generates a very nice interactive stacked area chart. (The code is from a Plot.ly tutorial and available here.)

 
 import cufflinks as cf
 import pandas.io.data as web
 from datetime import datetime

 start = datetime(2008, 1, 1)
 end = datetime(2008, 11, 28)

 df_gis = web.DataReader("GIS", 'yahoo', start, end)
 df_fdo = web.DataReader("FDO", 'yahoo', start, end)
 df_sp = web.DataReader("GSPC", 'yahoo', start, end)
 df = pd.DataFrame({'General Mills': df_gis.Open, 'Family Dollar Stores': df_fdo.Open, 'S&P 500': df_sp.Open})
 
df.head()
df.iplot(kind='line', fill=True,
    yTitle='Open Price', title='Top Recession Stocks',
    filename='cufflinks/stock data', world_readable')

Here is the output for that code:

There is a very thorough tutorial about Plot.ly available here. Installing Plot.ly is very easy as well. All you have to do is:

pip install plotly

That’s it! Enjoy!

Apache Drill and Zeppelin: Two Promising Tools You’ve Never Heard Of

Published November 20, 2015

1 Comment

Querying Apache Drill via the RESTful API

Published November 11, 2015

Here is a quick iPython notebook I wrote up which demonstrates how to execute queries in Apache Drill using Drill’s RESTful interface. I’ve had a lot of difficulties getting Drill to “talk” to Python via JDBC and ODBC. I think the problems however are related to my computer’s configuration, but in any event, this code works.

Querying Apache Drill via RESTful Interface

1 Comment