Choosing the right database is a critical choice when building any software application. All databases have different strengths and weaknesses when it comes to performance, so deciding which database has the most benefits and the most minor downsides for your specific use case and data model is an important decision. Below you will find an overview of the key concepts, architecture, features, use cases, and pricing models of Apache Druid and Elasticsearch so you can quickly see how they compare against each other.

The primary purpose of this article is to compare how Apache Druid and Elasticsearch perform for workloads involving time series data, not for all possible use cases. Time series data typically presents a unique challenge in terms of database performance. This is due to the high volume of data being written and the query patterns to access that data. This article doesn’t intend to make the case for which database is better; it simply provides an overview of each database so you can make an informed decision.

Apache Druid vs Elasticsearch Breakdown


 
Database Model

Columnar database

Distributed search and analytics engine, document-oriented

Architecture

Druid can be deployed on-premises, in the cloud, or using a managed service

Elasticsearch is built on top of Apache Lucene and uses a RESTful API for communication. It stores data in a flexible JSON document format, and the data is automatically indexed for fast search and retrieval. Elasticsearch can be deployed as a single node, in a cluster configuration, or as a managed cloud service (Elastic Cloud)

License

Apache 2.0

Elastic License

Use Cases

Real-time analytics, OLAP, time series data, event-driven data, log analytics, ad tech, user behavior analytics

Full-text search, log and event data analysis, real-time application monitoring, analytics

Scalability

Horizontally scalable, supports distributed architectures for high availability and performance

Horizontally scalable with support for data sharding, replication, and distributed querying

Looking for the most efficient way to get started?

Whether you are looking for cost savings, lower management overhead, or open source, InfluxDB can help.

Apache Druid Overview

Apache Druid is an open-source, real-time analytics database designed for high-performance querying and data ingestion. Originally developed by Metamarkets in 2011 and later donated to the Apache Software Foundation in 2018, Druid has gained popularity for its ability to handle large volumes of data with low latency. With a unique architecture that combines elements of time series databases, search systems, and columnar storage, Druid is particularly well-suited for use cases involving event-driven data and interactive analytics.

Elasticsearch Overview

Elasticsearch is an open-source distributed search and analytics engine built on top of Apache Lucene. It was first released in 2010 and has since become popular for its scalability, near real-time search capabilities, and ease of use. Elasticsearch is designed to handle a wide variety of data types, including structured, unstructured, and time-based data. It is often used in conjunction with other tools from the Elastic Stack, such as Logstash for data ingestion and Kibana for data visualization.


Apache Druid for Time Series Data

Apache Druid is designed for real time analytics and can be a good fit for working with time series data that needs to be analyzed quickly after being written. Druid also offers integrations for storing historical data in cheaper object storage so historical time series data can also be analyzed using Druid.

Elasticsearch for Time Series Data

Elasticsearch can be used for time series data storage and analysis, thanks to its distributed architecture, near real-time search capabilities, and support for aggregations. However, it might not be as optimized for time series data as dedicated time series databases. Despite this, Elasticsearch is widely used for log and event data storage and analysis which can be considered time series data.


Apache Druid Key Concepts

  • Data Ingestion: The process of importing data into Druid from various sources, such as streaming or batch data sources.
  • Segments: The smallest unit of data storage in Druid, segments are immutable, partitioned, and compressed.
  • Data Rollup: The process of aggregating raw data during ingestion to reduce storage requirements and improve query performance.
  • Nodes: Druid’s architecture consists of different types of nodes, including Historical, Broker, Coordinator, and MiddleManager/Overlord, each with specific responsibilities.
  • Indexing Service: Druid’s indexing service manages the process of ingesting data, creating segments, and publishing them to deep storage.

Elasticsearch Key Concepts

  • Inverted Index: A data structure used by Elasticsearch to enable fast and efficient full-text searches.
  • Cluster: A group of Elasticsearch nodes that work together to distribute data and processing tasks.
  • Shard: A partition of an Elasticsearch index that allows data to be distributed across multiple nodes for improved performance and fault tolerance.


Apache Druid Architecture

Apache Druid is a powerful distributed data store designed for real-time analytics on large datasets. Within its architecture, several core components play pivotal roles in ensuring its efficiency and scalability. Here is an overview of the core components that power Apache Druid.

  • Historical Nodes are fundamental to Druid’s data-serving capabilities. Their primary responsibility is to serve stored data to queries. To achieve this, they load segments from deep storage, retain them in memory, and then cater to the queries on these segments. When considering deployment and management, these nodes are typically stationed on machines endowed with significant memory and CPU resources. Their scalability is evident as they can be expanded horizontally simply by incorporating more nodes.
  • Broker Nodes act as the gatekeepers for incoming queries. Their main function is to channel these queries to the appropriate historical nodes or real-time nodes. Intriguingly, they are stateless, which means they can be scaled out to accommodate an increase in query concurrency.
  • Coordinator Nodes have a managerial role, overseeing the data distribution across historical nodes. Their decisions on which segments to load or drop are based on specific configurable rules. In terms of deployment, a Druid setup usually requires just one active coordinator node, with a backup node on standby for failover scenarios.
  • Overlord Nodes dictate the assignment of ingestion tasks, directing them to either middle manager or indexer nodes. Their deployment mirrors that of the coordinator nodes, with typically one active overlord and a backup for redundancy.
  • MiddleManager and Indexer Nodes are the workhorses of data ingestion in Druid. While MiddleManagers initiate short-lived tasks for data ingestion, indexers are designed for long-lived tasks. Given their intensive operations, these nodes demand high CPU and memory resources. Their scalability is flexible, allowing horizontal expansion based on the volume of data ingestion.
  • Deep Storage is a component that serves as Druid’s persistent storage unit. Druid integrates with various blob storage solutions like HDFS, S3, and Google Cloud Storage.
  • Metadata Storage is the repository for crucial metadata about segments, tasks, and configurations. Druid is compatible with popular databases for this purpose, including MySQL, PostgreSQL, and Derby.

Elasticsearch Architecture

Elasticsearch is a distributed, RESTful search and analytics engine that uses a schema-free JSON document data model. It is built on top of Apache Lucene and provides a high-level API for indexing, searching, and analyzing data. Elasticsearch’s architecture is designed to be horizontally scalable, with data distributed across multiple nodes in a cluster. Data is indexed using inverted indices, which enable fast and efficient full-text searches.

Free Time-Series Database Guide

Get a comprehensive review of alternatives and critical requirements for selecting yours.

Apache Druid Features

Data Ingestion

Apache Druid supports both real-time and batch data ingestion, allowing it to process data from various sources like Kafka, Hadoop, or local files. With built-in support for data partitioning, replication, and roll-up, Druid ensures high availability and efficient storage.

Scalability and Performance

Druid is designed to scale horizontally, providing support for large-scale deployments with minimal performance degradation. Its unique architecture allows for fast and efficient querying, making it suitable for use cases requiring low-latency analytics.

Columnar Storage

Druid stores data in a columnar format, enabling better compression and faster query performance compared to row-based storage systems. Columnar storage also allows Druid to optimize queries by only accessing relevant columns.

Time-optimized Indexing

Druid’s indexing service creates segments with time-based partitioning, optimizing data storage and retrieval for time-series data. This feature significantly improves query performance for time-based queries. Data Rollups

Druid’s data rollup feature aggregates raw data during ingestion, reducing storage requirements and improving query performance. This feature is particularly beneficial for use cases involving high-cardinality data or large volumes of similar data points.

Elasticsearch Features

Elasticsearch provides powerful full-text search capabilities with support for complex queries, scoring, and relevance ranking.

Scalability

Elasticsearch’s distributed architecture enables horizontal scalability, allowing it to handle large volumes of data and high query loads.

Aggregations

Elasticsearch supports various aggregation operations, such as sum, average, and percentiles, which are useful for analyzing and summarizing data.


Apache Druid Use Cases

Geospatial Analysis

Apache Druid provides support for geospatial data and queries, making it suitable for use cases that involve location-based data, such as tracking the movement of assets, analyzing user locations, or monitoring the distribution of events. Its ability to efficiently process large volumes of geospatial data enables users to gain insights and make data-driven decisions based on location information.

Machine Learning and AI

Druid’s high-performance data processing capabilities can be leveraged for preprocessing and feature extraction in machine learning and AI workflows. Its support for real-time data ingestion and low-latency querying make it suitable for use cases that require real-time predictions or insights, such as recommendation systems or predictive maintenance.

Real-Time Analytics

Apache Druid’s low-latency querying and real-time data ingestion capabilities make it an ideal solution for real-time analytics use cases, such as monitoring application performance, user behavior, or business metrics.

Elasticsearch Use Cases

Log and Event Data Analysis

Elasticsearch is widely used for storing and analyzing log and event data, such as web server logs, application logs, and network events, to help identify patterns, troubleshoot issues, and monitor system performance.

Elasticsearch is a popular choice for implementing full-text search functionality in applications, websites, and content management systems due to its powerful search capabilities and flexible data model.

Security Analytics

Elasticsearch, in combination with other Elastic Stack components, can be used for security analytics, such as monitoring network traffic, detecting anomalies, and identifying potential threats.


Apache Druid Pricing Model

Apache Druid is an open source project, and as such, it can be self-hosted at no licensing cost. However, organizations that choose to self-host Druid will incur expenses related to infrastructure, management, and support when deploying and operating Druid in their environment. These costs will depend on the organization’s specific requirements and the chosen infrastructure, whether it’s on-premises or cloud-based.

For those who prefer a managed solution, there are cloud services available that offer Apache Druid as a managed service, such as Imply Cloud. With managed services, the provider handles infrastructure, management, and support, simplifying the deployment and operation of Druid. Pricing for these managed services will vary depending on the provider and the selected service tier, which may include factors such as data storage, query capacity, and data ingestion rates.

Elasticsearch Pricing Model

Elasticsearch is open-source software and can be self-hosted without any licensing fees. However, operational costs, such as hardware, hosting, and maintenance, should be considered. Elasticsearch also offers a managed cloud service called Elastic Cloud, which provides various pricing tiers based on factors like storage, computing resources, and support. Elastic Cloud includes additional features and tools, such as Kibana, machine learning, and security features.