Skip to main content

From Scribe to Apache Flume: How Early Log Pipelines Scaled Beyond a Terabyte a Day

By Anonymous
In the early 2010s, large-scale web companies needed reliable pipelines capable of moving terabytes of log data per day. Facebook’s Scribe pioneered this space, and Apache Flume became the first open, community-driven pipeline for distributed log collection. This refreshed article modernizes the original example and explains how Flume’s agents, collectors and failover chains enabled durable ingestion into HDFS long before today’s streaming platforms.

Before today’s streaming stacks existed, Facebook’s Scribe was one of the first systems that could reliably manage multi-terabyte daily log volumes. Soon after, Apache Flume emerged as an incubator project and quickly became a standard solution for large-scale log transport into Hadoop environments.

Flume introduced a simple, extensible model: sources pull or receive log events, channels buffer them reliably and sinks deliver them into storage systems such as HDFS. For the Hadoop era, this was a breakthrough—fully open source, fast, resilient and without any proprietary dependencies.

Simplifying Deployment in Early Hadoop Clusters

Users of the Cloudera Distribution could install the full Flume stack via: 

yum install flume-master
yum install flume-node

Flume supported several input mechanisms:

  • Plain text file ingestion
  • Tail-following for rolling logs
  • Syslog over UDP or TCP
  • Synthetic or test event sources

Example Architecture: 100-Node Web Cluster

Imagine a large web farm producing hundreds of megabytes of raw logs per minute. Flume agents collect the incoming logs, buffer them and forward the events to Flume collectors. The collectors compress, sort and write the log batches into HDFS—with a well-defined directory layout based on time.

Sample Flume Configuration (Historical Format)

collector1.local : autoCollectorSource | collectorSink(
  "hdfs://namenode.local:9000/user/flume/weblogs/%Y-%m-%d/%H00/%M/",
  "%{host}-"
);
collector2.local : autoCollectorSource | collectorSink(
  "hdfs://namenode.local:9000/user/flume/weblogs/%Y-%m-%d/%H00/%M/",
  "%{host}-"
);
collector3.local : autoCollectorSource | collectorSink(...);
collector4.local : autoCollectorSource | collectorSink(...);

agent1.local : syslogTcp("19800") | autoE2EChain;
agent2.local : syslogTcp("19800") | autoE2EChain;

The autoE2EChain provided an automatic failover path: if a collector became unresponsive, the chain reordered the routing priority. The Flume master UI visualized these logical mappings.

Inspecting Agent State

Every agent maintained internal directories indicating event state: 

# cd /tmp/flume/agent/agent1.local/
# ls
done  logged  sending  sent  writing

Active log files being written appeared in writing/: 

-rw-r--r-- 1 flume flume 418M log.00000019.20111011-162503316+0200.seq

Collector Processing and HDFS Delivery

Collectors compressed batches and stored them in minute-sized partitions in HDFS. Bzip2 was widely used due to its block-marker structure, which allows parallelization and efficient splitting. 

# tail -f -n 10 /var/log/flume/*.log
... Creating compressed HDFS file ...
... Finishing checksum group ...
... moved from partial to complete ...
... Closing HDFS file ...

This pipeline reliably produced compressed, time-partitioned, host-tagged log files—a pattern still used by modern data platforms.

How This Maps to Modern Systems

Although today we rely on Kafka, Fluent Bit, Vector, Iceberg ingest pipelines and cloud-native collectors, the architectural principles remain identical: high-throughput ingestion, buffering for durability, structured partitioning and reliable delivery into analytical storage.

Flume represents one of the foundational steps in the evolution of distributed log ingestion.

References

[1] Apache Flume Documentation
[2] Cloudera Flume Installation Guide

Related guides:

If you need help with distributed systems, backend engineering, or data platforms, check my Services.

Labels:

Most read articles

Why Is Customer Obsession Disappearing?

By
Many companies trade real customer-obsession for automated, low-empathy support. Through examples from Coinbase, PayPal, GO Telecommunications and AT&T, this article shows how reliance on AI chatbots, outsourced call centers, and KPI-driven workflows erodes trust, NPS and customer retention. It argues that human-centric support—treating support as strategic investment instead of cost—is still a core growth engine in competitive markets. It's wild that even with all the cool tech we've got these days, like AI solving complex equations and doing business across time zones in a flash, so many companies are still struggling with the basics: taking care of their customers. The drama around Coinbase's customer support is a prime example of even tech giants messing up. And it's not just Coinbase — it's a big-picture issue for the whole industry. At some point, the idea of "customer obsession" got replaced with "customer automation," and no...
Read more

How to scale MySQL perfectly

By
When MySQL reaches its limits, scaling cannot rely on hardware alone. This article explains how strategic techniques such as caching, sharding and operational optimisation can drastically reduce load and improve application responsiveness. It outlines how in-memory systems like Redis or Memcached offload repeated reads, how horizontal sharding mechanisms distribute data for massive scale, and how tools such as Vitess, ProxySQL and HAProxy support routing, failover and cluster management. The summary also highlights essential practices including query tuning, indexing, replication and connection management. Together these approaches form a modern DevOps strategy that transforms MySQL from a single bottleneck into a resilient, scalable data layer able to grow with your application. When your MySQL database reaches its performance limits, vertical scaling through hardware upgrades provides a temporary solution. Long-term growth, though, requires a more comprehensive approach. This invo...
Read more

What the Heck is Superposition and Entanglement?

By
This post is about superposition and interference in simple, intuitive terms. It describes how quantum states combine, how probability amplitudes add, and why interference patterns appear in systems such as electrons, photons and waves. The goal is to give a clear, non mathematical understanding of how quantum behavior emerges from the rules of wave functions and measurement. If you’ve ever heard the words superposition or entanglement thrown around in conversations about quantum physics, you may have nodded politely while your brain quietly filed them away in the "too confusing to deal with" folder.  These aren't just theoretical quirks; they're the foundation of mind-bending tech like Google's latest quantum chip, the Willow with its 105 qubits. Superposition challenges our understanding of reality, suggesting that particles don't have definite states until observed. This principle is crucial in quantum technologies, enabling phenomena like quantum comp...
Read more