See Rockset
in action

Get a product tour with a Rockset engineer

Apache Druid vs Elasticsearch

Compare and contrast Apache Druid and Elasticsearch by architecture, ingestion, queries, performance, and scalability.

Compare Apache Druid to Rockset here

Compare Elasticsearch to Rockset here

Apache Druid vs Elasticsearch Architecture

Architecture
Apache Druid
Elasticsearch
Deployment model
• SaaS or self managed. • Imply’s Druid cloud offering requires customers to configure, scale, and capacity plan
On-prem, PaaS options
Use of storage hierarchy
• Queries are served from data on disk and an in-memory cache • Cloud storage or HDFS for deep storage
• Hot, warm and cold storage on disk • Frozen storage on cloud storage
Isolation of ingest and query
• Ingestion and queries are run on the same node by default • The ingestion and querying processes can be run on separate nodes, however not for real-time data
No - There are dedicated ingestion nodes but indexing, compaction and updates occur on the data nodes
Separation of compute and storage
No, although Imply’s offering separates compute and storage
No
Isolation for multiple applications
No
Full isolation with replication

Druid’s architecture employs nodes called data servers that are used for both ingestion and queries. High ingestion or query load can cause CPU and memory contention compared with Druid alternatives. Breaking apart the pre-packaged ingestion and query server components involves planning ahead and additional complexity, and is not dynamic.

Elasticsearch is an open-source distributed search engine built on Apache Lucene, a full text search library. Elasticsearch is a distributed system, which means that it is designed to operate across multiple nodes, each responsible for a part of the data.

Apache Druid vs Elasticsearch Ingestion

Ingestion
Apache Druid
Elasticsearch
Data sources
Data connectors to: • Events streams (e.g. Kafka, Kinesis) • Data lakes (e.g. S3, Google Cloud Storage) • RDBMS and HDFS databases CDC events from databases require manual conversion to Druid events
• Logstash JDBC input plugin for relational databases • Open-source Kafka plugin or Kafka Elasticsearch Service Sink Connector (available only to managed Confluent and Elasticsearch) • REST APIs or client libraries to sync data directly from the application
Semi structured data
Druid requires flattening nested data at ingest and maintaining a flattening spec as the schema changes over time
Yes- Ingests JSON and XML without a predefined schema
Transformations and rollups
Yes, using ingestion specs written in JSON support rollups and simple transformations. SQL ingest transformations available for Imply
Yes - Ingest pipelines can be configured to remove fields, extract values from text and enrich data. Ingest pipelines require ingest nodes in the cluster. Rolling up historical data is in technical preview

Druid has built-in connectors that manage ingestion from common data sources. Unlike some Druid competitors, it doesn’t support nested data, so data must be flattened at ingest. Denormalization is also required at ingest, increasing operational burden for certain use cases.

Elasticsearch has a number of integrations as well as a REST API. It is a NoSQL database and natively supports semi-structured data. Transformations typically occur upstream so that data can be modeled for optimal performance before it is indexed in Elasticsearch.

Apache Druid vs Elasticsearch Performance

Performance
Apache Druid
Elasticsearch
Updates
Druid segments become immutable once committed and published, making it more appropriate for append-only use cases
Update API can update, delete or skip modifying the document. The entire document must be reindexed; in-place updates are not supported
Indexing
• Bitmap index
Inverted index
Query latency
Typically sub-second query latency for denormalized, flattened datasets up to 100s of TBs
50-1000ms queries on 100s of TBs
Storage format
Columnar format partitioned by time
JSON documents
Streaming ingest
• Sub 15 seconds
• Ingests on a per-record or batch basis • Data latency on a per-record basis is typically 1-2 seconds

Druid is designed to make streaming data queryable as quickly as possible. JOINs are either impossible or incur a large performance penalty. Updates are only possible via batch jobs. Druid leverages data denormalization and write-time aggregation at ingestion to reduce query latency.

Elasticsearch is a search engine that utilizes an inverted index. Although this approach leads to storage amplification, it also enables low-latency queries that demand less computation. Elasticsearch is tailored to accommodate large scale, append-only data such as logs, events, and metrics. To manage frequently updated data, users often utilize the Bulk API to minimize computational costs and ensure consistent query performance.

Apache Druid vs Elasticsearch Queries

Queries
Apache Druid
Elasticsearch
Joins
Yes, only for datasets that fit in memory, and with a query latency penalty
No- Need to use workarounds including data denormalization, application-side joins, nested objects or parent-child relationships
Query language
Druid native queries • Druid SQL
DSL - domain specific language
Developer tooling
• Druid SQL API
• REST API • Java, Javascript, Go, .NET, PHP, Perl, Python, Ruby, Rust
Visualization tools
Pivot, maintained by Imply
• Kibana • PowerBI, Qlik, Tableau

Druid has a native JSON-based query language and provides Druid SQL as an alternative that translates into its native queries. JOINs are not recommended.

Elasticsearch has its own domain specific language (DSL) based on JSON. Joins are not a first class citizen in Elasticsearch requiring a number of complex and expensive workarounds. Elasticsearch is known for its developer tooling and supports a number of client libraries. Kibana is the visualization layer for Elasticsearch and is frequently used for log analytics and monitoring.

Apache Druid vs Elasticsearch Scalability

Scalability
Apache Druid
Elasticsearch
Vertical scaling
Users can manually increase or decrease server sizes
Manually resize machines
Horizontal scaling
• Users can manually add additional nodes to a scaled-out cluster. • Imply automates some of the horizontal scaling process.
• Elasticsearch is horizontally scalable and can scale by adding nodes to the cluster • When using managed Elastic, autoscaling policies can be used to self-monitor cluster health and it is the responsibility of the operator to update resource allocations either manually or using APIs. Elasticsearch rebalances the data automatically obeying shard allocation rules • There are many cluster-level operations that need to be monitored when scaling

Druid users are exposed to complex decisions about the number and size of servers as clusters are scaled.

Elasticsearch is horizontally scalable and can scale by adding more nodes to the cluster. Its tightly coupled architecture means that compute and storage scale together for performance. This often results in resource contention and overprovisioning. Scaling Elasticsearch often requires deep expertise as there are many levels of the system that need to be managed- the server, operating system, network and software.