The world of big data is only getting bigger. Organizations of all stripes are producing more data year after year, and they're finding more ways to use that data to improve operations, better understand customers, and deliver products faster and at lower costs, among other applications. In addition, business executives looking to get value from data faster are seeking real-time analytics capabilities.
That's all driving significant investments in big data tools and technologies. In an August 2021 report, market research firm IDC pegged expected worldwide spending on big data and analytics systems at $215.7 billion in 2021, up 10.1% year over year. It also predicted that spending would grow at a compound annual growth rate of 12.8% through 2025.
The list of big data technologies is long, with numerous commercial products available to help organizations implement a full range of data-driven analytics initiatives -- from real-time reporting to machine learning applications.
In addition, there are many open source big data tools, some of which are also offered in commercial versions or as part of big data platforms and managed services. Here's a look at 17 popular open source tools and technologies for managing and analyzing big data, listed in alphabetical order with a summary of their key features and capabilities.
Airflow is a workflow management platform for scheduling and running complex data pipelines in big data systems. It enables data engineers and other users to ensure that each task in a workflow is executed in the designated order and has access to the required system resources. Airflow is also promoted as easy to use: Workflows are created in the Python programming language, and it can be used for building machine learning models, transferring data and various other purposes.
The platform originated at Airbnb in late 2014 and was officially announced as an open source technology in mid-2015; it joined the Apache Software Foundation's incubator program the following year and became an Apache top-level project in 2019. Airflow also includes the following key features:
- a modular and scalable architecture built around the concept of directed acyclic graphs (DAGs), which illustrate the dependencies between the different tasks in workflows;
- a web application UI to visualize data pipelines, monitor their production status and troubleshoot problems; and
- ready-made integrations with major cloud platforms and other third-party services.
2. Delta Lake
Databricks Inc., a software vendor founded by the creators of the Spark processing engine, developed Delta Lake and then opened sourced the Spark-based technology in 2019 through the Linux Foundation. The company describes Delta Lake as "an open format storage layer that delivers reliability, security and performance on your data lake for both streaming and batch operations."
Delta Lake doesn't replace data lakes; rather, it's designed to sit on top of them and create a single home for structured, semistructured and unstructured data, eliminating data silos that can stymie big data applications. Furthermore, using Delta Lake can help prevent data corruption, enable faster queries, increase data freshness and support compliance efforts, according to Databricks. The technology also:
- supports ACID transactions;
- stores data in an open Apache Parquet format; and
- includes a set of Spark-compatible APIs.
The Apache Drill website describes it as "a low latency distributed query engine for large-scale datasets, including structured and semi-structured/nested data." Drill can scale across thousands of cluster nodes and is capable of querying petabytes of data by using SQL and standard connectivity APIs.
Designed for exploring sets of big data, Drill layers on top of multiple data sources, enabling users to query a wide range of data in different formats, from Hadoop sequence files and server logs to NoSQL databases and cloud object storage. It can also do the following:
- access most relational databases through a plugin;
- work with commonly used BI tools, such as Tableau and Qlik; and
- run in any distributed cluster environment, although it requires Apache's ZooKeeper software to maintain information about clusters.
Druid is a real-time analytics database that delivers low latency for queries, high concurrency, multi-tenant capabilities and instant visibility into streaming data. Multiple end users can query the data stored in Druid at the same time with no impact on performance, according to its proponents.
Written in Java and created in 2011, Druid became an Apache technology in 2018. It's generally considered a high-performance alternative to traditional data warehouses that's best suited to event-driven data. Like a data warehouse, it uses column-oriented storage and can load files in batch mode. But it also incorporates features from search systems and time series databases, including the following:
- native inverted search indexes to speed up searches and data filtering;
- time-based data partitioning and querying; and
- flexible schemas with native support for semistructured and nested data.
Another Apache open source technology, Flink is a stream processing framework for distributed, high-performing and always-available applications. It supports stateful computations over both bounded and unbounded data streams and can be used for batch, graph and iterative processing.
One of the main benefits touted by Flink's proponents is its speed: It can process millions of events in real time for low latency and high throughput. Flink, which is designed to run in all common cluster environments, also includes the following features:
- in-memory computations with the ability to access disk storage when needed;
- three layers of APIs for creating different types of applications; and
- a set of libraries for complex event processing, machine learning and other common big data use cases.
A distributed framework for storing data and running applications on clusters of commodity hardware, Hadoop was developed as a pioneering big data technology to help handle the growing volumes of structured, unstructured and semistructured data. First released in 2006, it was almost synonymous with big data early on; it has since been partially eclipsed by other technologies but is still widely used.
Hadoop has four primary components:
- the Hadoop Distributed File System (HDFS), which splits data into blocks for storage on the nodes in a cluster, uses replication methods to prevent data loss and manages access to the data;
- YARN, short for Yet Another Resource Negotiator, which schedules jobs to run on cluster nodes and allocates system resources to them;
- Hadoop MapReduce, a built-in batch processing engine that splits up large computations and runs them on different nodes for speed and load balancing; and
- Hadoop Common, a shared set of utilities and libraries.
Initially, Hadoop was limited to running MapReduce batch applications. The addition of YARN in 2013 opened it up to other processing engines and use cases, but the framework is still closely associated with MapReduce. The broader Apache Hadoop ecosystem also includes various big data tools and additional frameworks for processing, managing and analyzing big data.
Hive is SQL-based data warehouse infrastructure software for reading, writing and managing large data sets in distributed storage environments. It was created by Facebook but then open sourced to Apache, which continues to develop and maintain the technology.
Hive runs on top of Hadoop and is used to process structured data; more specifically, it's used for data summarization and analysis, as well as for querying large amounts of data. Although it can't be used for online transaction processing, real-time updates, and queries or jobs that require low-latency data retrieval, Hive is described by its developers as scalable, fast and flexible.
Other key features include the following:
- standard SQL functionality for data querying and analytics;
- a built-in mechanism to help users impose structure on different data formats; and
- access to HDFS files and ones stored in other systems, such as the Apache HBase database.
8. HPCC Systems
HPCC Systems is a big data processing platform developed by LexisNexis before being open sourced in 2011. True to its full name -- High-Performance Computing Cluster -- the technology is, at its core, a cluster of computers built from commodity hardware to process, manage and deliver big data.
A production-ready data lake platform that enables rapid development and data exploration, HPCC Systems includes three main components:
- Thor, a data refinery engine that's used to cleanse, merge and transform data, and to profile, analyze and ready it for use in queries;
- Roxie, a data delivery engine used to serve up prepared data from the refinery; and
- Enterprise Control Language (ECL), a programming language for developing applications.
Hudi (pronounced hoodie) is short for Hadoop Upserts Deletes and Incrementals. Another open source technology maintained by Apache, it's used to manage the ingestion and storage of large analytics data sets on Hadoop-compatible file systems, including HDFS and cloud object storage services.
First developed by Uber, Hudi is designed to provide efficient and low-latency data ingestion and data preparation capabilities. Moreover, it includes a data management framework that organizations can use to do the following:
- simplify incremental data processing and data pipeline development;
- improve data quality in big data systems; and
- manage the lifecycle of data sets.
Iceberg is an open table format used to manage data in data lakes, which it does partly by tracking individual data files in tables rather than by tracking directories. Created by Netflix for use with the company's petabyte-sized tables, Iceberg is now an Apache project. According to the project's website, Iceberg typically "is used in production where a single table can contain tens of petabytes of data."
Designed to improve on the standard layouts that exist within tools like Hive, Presto, Spark and Trino, the Iceberg table format has functions similar to SQL tables in relational databases. However, it also accommodates multiple engines operating on the same data set. Other notable features include the following:
- schema evolution for modifying tables without having to rewrite or migrate data;
- hidden partitioning of data that avoids the need for users to maintain partitions; and
- a "time travel" capability that supports reproducible queries using the same table snapshot.
Kafka is a distributed event streaming platform that, according to Apache, is used by more than 80% of Fortune 100 companies and thousands of other organizations for high-performance data pipelines, streaming analytics, data integration and mission-critical applications. In simpler terms, Kafka is a framework for storing, reading and analyzing streaming data.
The technology decouples data streams and systems, holding the data streams so they can then be used elsewhere. It runs in a distributed environment and uses a high-performance TCP network protocol to communicate with systems and applications. Kafka was created by LinkedIn before being passed on to Apache in 2011.
The following are some of the key components in Kafka:
- a set of five core APIs for Java and the Scala programming language;
- fault tolerance for both servers and clients in Kafka clusters; and
- elastic scalability to up to 1,000 "brokers," or storage servers, per cluster.
Kylin is a distributed data warehouse and analytics platform for big data. It provides an online analytical processing, or OLAP, engine designed to support extremely large data sets. Because Kylin is built on top of other Apache technologies -- including Hadoop, Hive, Parquet and Spark -- it can easily scale to handle those large data loads, according to its backers.
It's also fast, delivering query responses measured in milliseconds. In addition, Kylin provides a simple interface for multidimensional analysis of big data and integrates with Tableau, Microsoft Power BI and other BI tools. Kylin was initially developed by eBay, which contributed it as an open source technology in 2014; it became a top-level project within Apache the following year. Other features it provides include the following:
- an ANSI SQL interface for multidimensional analysis of big data;
- integration with Tableau, Microsoft Power BI and other BI tools; and
- precalculation of multidimensional OLAP cubes to accelerate analytics.
Formerly known as PrestoDB, this open source SQL query engine can simultaneously handle both fast queries and large data volumes in distributed data sets. Presto is optimized for low-latency interactive querying and scales to support analytics applications across multiple petabytes of data in data warehouses and other repositories.
Development of Presto began at Facebook in 2012. When its creators left the company in 2018, the technology split into two branches: PrestoDB, which was still led by Facebook, and PrestoSQL, which the original developers launched. That continued until December 2020, when PrestoSQL was renamed Trino and PrestoDB reverted to the Presto name. The Presto open source project is now overseen by the Presto Foundation, which was set up as part of the Linux Foundation in 2019.
Presto also includes the following features:
- support for querying data in Hive, various databases and proprietary data stores;
- the ability to combine data from multiple sources in a single query; and
- query response times that typically range from less than a second to minutes.
Samza is a distributed stream processing system that was built by LinkedIn and is now an open source project managed by Apache. According to the project website, Samza enables users to build stateful applications that can do real-time processing of data from Kafka, HDFS and other sources.
The system can run on top of Hadoop YARN or Kubernetes and also offers a standalone deployment option. The Samza site says it can handle "several terabytes" of state data, with low latency and high throughput for fast data analysis. Via a unified API, it can also use the same code written for data streaming jobs to run batch applications. Other features include the following:
- built-in integration with Hadoop, Kafka and several other data platforms;
- the ability to run as an embedded library in Java and Scala applications; and
- fault-tolerant features designed to enable rapid recovery from system failures.
Spark is an in-memory data processing and analytics engine that can run on clusters managed by Hadoop YARN, Mesos and Kubernetes or in a standalone mode. It enables large-scale data transformations and analysis and can be used for both batch and streaming applications, as well as machine learning and graph processing use cases. That's all supported by the following set of built-in modules and libraries:
- Spark SQL, for optimized processing of structured data via SQL queries;
- Spark Streaming and Structured Streaming, two stream processing modules;
- MLlib, a machine learning library that includes algorithms and related tools; and
- GraphX, an API that adds support for graph applications.
Data can be accessed from various sources, including HDFS, relational and NoSQL databases, and flat-file data sets. Spark also supports various file formats and offers a diverse set of APIs for developers.
But its biggest calling card is speed: Spark's developers claim it can perform up to 100 times faster than traditional counterpart MapReduce on batch jobs when processing in memory. As a result, Spark has become the top choice for many batch applications in big data environments, while also functioning as a general-purpose engine. First developed at the University of California, Berkeley and now maintained by Apache, it can also process on disk when data sets are too large to fit into the available memory.
Another Apache open source technology, Storm is a distributed real-time computation system that's designed to reliably process unbounded streams of data. According to the project website, it can be used for applications that include real-time analytics, online machine learning and continuous computation, as well as extract, transform and load (ETL) jobs.
Storm clusters are akin to Hadoop ones, but applications continue to run on an ongoing basis unless they're stopped. The system is fault-tolerant and guarantees that data will be processed. In addition, the Apache Storm site says it can be used with any programming language, message queueing system and database. Storm also includes the following elements:
- a Storm SQL feature that enables SQL queries to be run against streaming data sets;
- Trident and Streams API, two other higher-level interfaces for processing in Storm; and
- use of the Apache Zookeeper technology to coordinate clusters.
As mentioned above, Trino is one of the two branches of the Presto query engine. Known as PrestoSQL until it was rebranded in December 2020, Trino "runs at ludicrous speed," in the words of the Trino Software Foundation. That group, which oversees Trino's development, was originally formed in 2019 as the Presto Software Foundation; its name was also changed as part of the rebranding.
Trino enables users to query data regardless of where it's stored, with support for natively running queries in Hadoop and other data repositories. Like Presto, Trino also:
- is built for both ad hoc interactive analytics and long-running batch queries;
- can combine data from multiple systems in queries; and
- works with Tableau, Power BI, R and other BI and analytics tools.
Also to consider: NoSQL databases
NoSQL databases are another major type of big data technology. They break with conventional SQL-based relational database design by supporting flexible schemas, which makes them well suited for handling huge volumes of all types of data -- particularly unstructured and semistructured data that isn't a good fit for the strict schemas used in relational systems.
NoSQL software emerged in the late 2000s to help address the increasing amounts of diverse data that organizations were generating, collecting and looking to analyze as part of big data initiatives. Since then, NoSQL databases have been widely adopted and are now used in enterprises across industries. Many are open source technologies that are also offered in commercial versions by vendors, while some are proprietary products controlled by a single vendor.
In addition, NoSQL databases themselves come in various types that support different big data applications. These are the four major NoSQL categories, with examples of the available technologies in each one:
- Document databases. They store data elements in document-like structures, using formats such as JSON. Examples include Apache CouchDB, Couchbase Server, MarkLogic and MongoDB.
- Graph databases. They connect data "nodes" in graph-like structures to emphasize the relationships between data elements. Examples include AllegroGraph, Amazon Neptune and Neo4j.
- Key-value stores. They pair unique keys and associated values in a relatively simple data model that can scale easily. Examples include Aerospike, Amazon DynamoDB and Redis.
- Wide-column databases. They store data across tables that can contain very large numbers of columns to handle lots of data elements. Examples include Cassandra, Google Cloud Bigtable and HBase.
Multimodel databases have also been created with support for different NoSQL approaches, as well as SQL in some cases; ArangoDB and Microsoft's Azure Cosmos DB are examples. Other NoSQL vendors have added multimodel support to their databases. For example, MarkLogic now includes a graph store, Couchbase Server supports key-value pairs and Redis offers document and graph database modules.