Skip to content
This repository has been archived by the owner on May 12, 2021. It is now read-only.

METRON-1496: ChainLink Parser to reuse parser code at parserConfig level #969

Open
wants to merge 5 commits into
base: master
Choose a base branch
from

Conversation

kevin91nl
Copy link

@kevin91nl kevin91nl commented Mar 20, 2018

Contributor Comments

[Please place any comments here. A description of the problem/enhancement, how to reproduce the issue, your testing methodology, etc.]

Pull Request Checklist

Thank you for submitting a contribution to Apache Metron.
Please refer to our Development Guidelines for the complete guide to follow for contributions.
Please refer also to our Build Verification Guidelines for complete smoke testing guides.

In order to streamline the review of the contribution we ask you follow these guidelines and ask you to double check the following:

For all changes:

  • Is there a JIRA ticket associated with this PR? If not one needs to be created at Metron Jira.
  • Does your PR title start with METRON-XXXX where XXXX is the JIRA number you are trying to resolve? Pay particular attention to the hyphen "-" character.
  • Has your PR been rebased against the latest commit within the target branch (typically master)?

For code changes:

  • Have you included steps to reproduce the behavior or problem that is being changed or addressed?

  • Have you included steps or a guide to how the change may be verified and tested manually?

  • Have you ensured that the full suite of tests and checks have been executed in the root metron folder via:

    mvn -q clean integration-test install && dev-utilities/build-utils/verify_licenses.sh 
    
  • Have you written or updated unit tests and or integration tests to verify your changes?

  • If adding new dependencies to the code, are these dependencies licensed in a way that is compatible for inclusion under ASF 2.0?

  • Have you verified the basic functionality of the build by building and running locally with Vagrant full-dev environment or the equivalent?

For documentation related changes:

  • Have you ensured that format looks appropriate for the output in which it is rendered by building and verifying the site-book? If not then run the following commands and the verify changes via site-book/target/site/index.html:

    cd site-book
    mvn site
    

Note:

Please ensure that once the PR is submitted, you check travis-ci for build issues and submit an update to your PR as soon as possible.
It is also recommended that travis-ci is set up for your personal repository such that your branches are built there before submitting a pull request.

@kevin91nl
Copy link
Author

We would like to share our configurable parser architecture for review and discussion. Our parsers are currently found in metron-platform/metron-parsers-contrib which might be changed.

@cestella
Copy link
Member

Thanks for the contribution! First thing, though, the package naming should be migrated to org.apache.metron, please.

@cestella
Copy link
Member

Also, just briefly looking at this, can you speak a bit about how the chain links are different from field transformations? It seems like they're both configurable mechanisms to execute pluggable code in an ordered manner over the message. I mostly want to understand how they differ and if they differ enough to make sense as a separate thing or if it may be worth-while to migrate them to field transformations.

@ottobackwards
Copy link
Contributor

This seems redundant to the metron stellar system. We should have a discuss thread maybe where Chainlinks are proposed and you can explain why they may be better.

That aside, you probably want to get rid of the references to your company name in the namespaces and classes. Also, please revert and remove the stye only modifications to the antlr generated classes.

@kevin91nl
Copy link
Author

kevin91nl commented Mar 21, 2018

The package naming is adjusted in the latest commit.

Chainparsers versus Stellar
Here I will present some of the difference between Chainparsers and Stellar and some of the issues we encountered when writing the parsers. I am interested in your thoughts :-).

Stateful parsing
In one of our to-be-written parsers, we need to read an external file, parse the file and keep the parsed file in memory. As far as I can see, Stellar is stateless and not capable of keeping data in memory. It might be possible by using environment variables, but this approach might get messy.

Performance
A ChainParser does not need to interpret a language the way Stellar does. We found that interpreting a language was a performance bottleneck in the parsers. In fact, we implemented a lightweight template engine in one of our links, but that was breaking the throughput rate of the parsers. Therefore, we removed this mechanism.

Tests
There is no clear way how to write end-to-end tests for parsers involving Stellar. Using the ChainParser approach, the data files (input and expected output) and parser config are kept in one place and it is easy to add new tests for a parser.

Sharing configuration
When parsers are created using Stellar, there is no clear way how the parser configuration files are shared.

Post processing
Note that Stellar can still be used for post-processing the parser output. Therefore, parsers can fully rely on all the Stellar functionality.

@nickwallen
Copy link
Contributor

@kevin91nl Thanks for the submission! I really do appreciate the clarity of your code and explanations.

Performance A ChainParser does not need to interpret a language the way Stellar does. We found that interpreting a language was a performance bottleneck in the parsers. In fact, we implemented a lightweight template engine in one of our links, but that was breaking the throughput rate of the parsers. Therefore, we removed this mechanism.

Can you elaborate on the performance bottleneck that you experienced?

I have tested this myself and found little to no performance difference between the execution of something written in raw Java versus Stellar. I compared doing Geo enrichments in the legacy Java adapter versus doing them with GEO_GET in Stellar. I also compared doing enrichments with the legacy HBase Java adapter versus ENRICHMENT_GET.

Maybe the root cause of the performance bottleneck that you experienced was something else, a tuning issue or an unexpected problem with your template engine? There also certainly could be a performance bug somewhere in Stellar that I am not aware of, but I think it is reasonable to expect similar performance between raw Java and Stellar. If we do have a performance issue with Stellar, then I'd like to isolate and address it.

@nickwallen
Copy link
Contributor

nickwallen commented Mar 21, 2018

@kevin91nl said... Stateful parsing: In one of our to-be-written parsers, we need to read an external file, parse the file and keep the parsed file in memory. As far as I can see, Stellar is stateless and not capable of keeping data in memory. It might be possible by using environment variables, but this approach might get messy.

With the heavy caching we use I wouldn't expect this to be a problem. There is also a function OBJECT_GET that allows you to specifically customize a backing cache. This seems to fit the use case that you are describing, but I could be wrong.

https://github.com/apache/metron/tree/master/metron-stellar/stellar-common#object_get

@nickwallen
Copy link
Contributor

@kevin91nl I do think that you've introduced a really useful concept though; chained parsers. I did not want to leave that unsaid.

Your points about testing and sharing configuration are completely valid and should be addressed. Maybe there are also usability improvements we could make here based on your experience.

Ultimately, I think doing a little work to merge your chained parsers into the existing architecture and Stellar would be really useful.

@kevin91nl
Copy link
Author

kevin91nl commented Mar 22, 2018

@nickwallen We used Jinjava for rendering Jinja templates, but that drastically decreased the EPS of our parsers. Now we use simple replaces of variables, but it is less flexible than the template rendering engine. I think it is not a fair comparison to the language interpreter of Stellar, since the language interpreter of Stellar would be focused on speed as you showed with the comparison.

I was not aware of the OBJECT_GET method of Stellar, but it might get messy when the object is preprocessed in Stellar.

Next week I will discuss the findings and update the pull request such that it fits into the existing architecture.

@kevin91nl
Copy link
Author

What exact changes are needed such that it fits in the existing architecture?

@nickwallen
Copy link
Contributor

@kevin91nl I think the discussion that you have helped spark here is worthy of a separate email discuss thread.

This is going to take more thought and discussion in the community to land on a good solution. What you've shown here are some great use cases that will help drive that discussion.

I think there are others in the community with slightly different views on how this should be done. Hopefully we can get everyone's minds working together in a discuss thread.

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

5 participants