
AxoSyslog 4.9.0 introduces support for ClickHouse as a destination, allowing you to send your collected data directly to a self-hosted ClickHouse database. Our community has long requested this feature, and we’re excited to deliver it in our latest release. Integrating AxoSyslog with ClickHouse opens new possibilities for efficient log data ingestion, storage, and analysis.

What is AxoSyslog?

AxoSyslog is a high-performance, open-source event (log, metrics, traces) processing solution. As a modern fork of syslog-ng, it excels at collecting, filtering, parsing, and transforming log data from various sources. Designed for cloud-native environments, AxoSyslog offers features such as:

  • Container Support: Easy deployment in containerized environments.
  • Helm Charts: Simplified Kubernetes deployments.
  • eBPF Integration: Efficient kernel-level data collection for minimal overhead.

AxoSyslog enables organizations to process large volumes of log data with high throughput and low latency, making it ideal for modern IT infrastructures.

What is ClickHouse?

ClickHouse is a high-performance, open-source columnar database management system optimized for real-time analytical processing. It’s capable of handling large volumes of data at incredible speeds, thanks to features like:

  • Columnar Storage: Efficient data compression and faster query execution.
  • Distributed Architecture: Scalability across multiple nodes.
  • Powerful SQL Support: Advanced querying capabilities for complex data analysis.

ClickHouse is widely used for analytics applications, including log analysis, due to its ability to process structured and semi-structured data efficiently.

Why is this integration important?

The integration of AxoSyslog with ClickHouse brings together two powerful technologies that complement each other perfectly:

  • High-Performance Data Ingestion: AxoSyslog’s efficient log processing ensures rapid ingestion of log data, which can now be seamlessly directed into ClickHouse.
  • Real-Time Analytics: With ClickHouse’s optimized query engine and columnar storage, users can perform real-time analytics on log data, enabling proactive monitoring and troubleshooting.
  • Scalability and Flexibility: Both tools are designed to handle large-scale data workloads, making them suitable for enterprises requiring scalable solutions.
  • Community-Driven Development: As open-source projects, AxoSyslog and ClickHouse benefit from community contributions, fostering innovation and reducing licensing costs.

This integration empowers organizations to build robust, scalable, and cost-effective log management and analytics platforms.

How to get started

To help you leverage this new integration, we’ve prepared a step-by-step guide. This example demonstrates how to:

  1. Set up a ClickHouse server.
  2. Configure it to accept data via gRPC.
  3. Configure AxoSyslog to send log data to ClickHouse.

Step 1: Create a Docker Network

First, create a Docker network to allow the ClickHouse server and AxoSyslog to communicate:

# Create Docker demo network
docker network create clickhouse-net

Step 2: Configure ClickHouse for gRPC Input

Create a grpc.xml configuration file for ClickHouse to enable gRPC input, and place this file in your current working directory.

<clickhouse>
  <listen_host>0.0.0.0</listen_host>
  <grpc_port>9100</grpc_port>
  <grpc>
    <enable_ssl>false</enable_ssl>
    <compression>deflate</compression>
    <compression_level>medium</compression_level>
    <max_send_message_size>-1</max_send_message_size>
    <max_receive_message_size>-1</max_receive_message_size>
    <verbose_logs>false</verbose_logs>
  </grpc>
</clickhouse>

Step 3: Run the ClickHouse Server

Start the ClickHouse server with the gRPC configuration:

# Run ClickHouse server
docker run -d \
  -p 9000:9000 \
  -p 8123:8123 \
  -p 9100:9100 \
  -v "$(pwd)":/etc/clickhouse-server/config.d/ \
  --network clickhouse-net \
  --name clickhouse-server \
  clickhouse/clickhouse-server

Step 4: Create the ClickHouse Destination Table

Use the ClickHouse client to create a table where AxoSyslog will send data:

# Connect to ClickHouse client
docker run -it --rm \
  --network clickhouse-net \
  clickhouse/clickhouse-client \
  --host clickhouse-server

Once connected, create the table:

CREATE TABLE my_first_table
(
  user_id UInt32,
  message String,
  timestamp DateTime,
  metric Float32
)
ENGINE = MergeTree
PRIMARY KEY (user_id, timestamp);

Exit the ClickHouse client after the table is created.

Step 5: Configure AxoSyslog

Create a syslog-ng.conf file to configure AxoSyslog:

log {
  source { example-msg-generator(freq(0.0001)); };
  destination {
    clickhouse(
      database("default")
      table("my_first_table")
      user("default")
      password("")
      url("clickhouse-server:9100")
      schema(
        "user_id" UInt32 => $R_MSEC,
        "message" String => "$MSG",
        "timestamp" DateTime => "$R_UNIXTIME",
        "metric" Float32 => 3.14
      )
      workers(4)
      batch-lines(1)
      batch-timeout(1000)
    );
  };
};

Note: Ensure the url parameter points to clickhouse-server:9100 as both containers are on the same Docker network.

Step 6: Run AxoSyslog

Start the AxoSyslog container with the custom configuration:

# Run AxoSyslog instance
docker run --rm -it \
  --network clickhouse-net \
  --entrypoint=sh \
  -v "$(pwd)"/syslog-ng.conf:/etc/syslog-ng/syslog-ng.conf \
  ghcr.io/axoflow/axosyslog:latest

Inside the container, start AxoSyslog:

# Start AxoSyslog
syslog-ng

AxoSyslog will now start generating example messages and send them to ClickHouse.

Step 7: Verify Data Ingestion

Use the ClickHouse client to query the ingested data:

# Connect to ClickHouse client
docker run -it --rm \
  --network clickhouse-net \
  clickhouse/clickhouse-client \
  --host clickhouse-server

Run the following SQL query:

SELECT * FROM my_first_table;

This confirms that AxoSyslog is successfully sending data to ClickHouse.
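
The grpc.xml from Step 2 is a demo configuration: it listens on every interface, turns TLS off, and sets the gRPC message sizes to -1 (no limit). The check below is an added example, not code from this post or from the AxoSyslog or ClickHouse projects, that flags those settings before the file is reused outside a lab; audit_grpc_config and its finding strings are hypothetical names chosen for illustration.

```python
import xml.etree.ElementTree as ET

# grpc.xml exactly as given in Step 2, embedded so the check runs offline.
DEMO_GRPC_XML = """<clickhouse>
  <listen_host>0.0.0.0</listen_host>
  <grpc_port>9100</grpc_port>
  <grpc>
    <enable_ssl>false</enable_ssl>
    <compression>deflate</compression>
    <compression_level>medium</compression_level>
    <max_send_message_size>-1</max_send_message_size>
    <max_receive_message_size>-1</max_receive_message_size>
    <verbose_logs>false</verbose_logs>
  </grpc>
</clickhouse>"""

WILDCARD_HOSTS = {"0.0.0.0", "::"}
FALSY = {"", "false", "0", "no", "off"}

def audit_grpc_config(xml_text):
    """Return (setting, reason) findings for a ClickHouse gRPC config fragment."""
    root = ET.fromstring(xml_text)
    findings = []

    def value(path):
        node = root.find(path)
        return (node.text or "").strip() if node is not None else ""

    # ClickHouse accepts several <listen_host> entries; check each one.
    for node in root.findall("listen_host"):
        host = (node.text or "").strip()
        if host in WILDCARD_HOSTS:
            findings.append(("listen_host", f"listens on every interface ({host})"))

    if root.find("grpc_port") is None:
        return findings  # gRPC interface not enabled by this fragment

    # Assumption: a missing <enable_ssl> is treated like an explicit "false".
    if value("grpc/enable_ssl").lower() in FALSY:
        findings.append(("grpc/enable_ssl", "gRPC traffic, credentials included, is plaintext"))
    # -1 removes the gRPC size limit; only an explicit -1 is reported.
    if value("grpc/max_receive_message_size") == "-1":
        findings.append(("grpc/max_receive_message_size", "inbound message size is unbounded"))
    return findings

if __name__ == "__main__":
    for setting, reason in audit_grpc_config(DEMO_GRPC_XML):
        print(f"{setting}: {reason}")
```

Run against the Step 2 file, it reports all three settings; a fragment bound to a specific address with enable_ssl set to true and a finite receive limit returns no findings.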

Conclusion

The addition of ClickHouse destination support in AxoSyslog 4.9.0 marks a significant milestone in our commitment to providing robust and scalable log management solutions. This integration allows users to leverage the high-performance log processing of AxoSyslog with the powerful analytical capabilities of ClickHouse.

We encourage the community to explore this new feature and share feedback. Together, we can continue to enhance and innovate within the open-source ecosystem.

Get Started Today!

Download AxoSyslog 4.9.0 and start harnessing the power of ClickHouse for your log analytics needs.

For any questions or contributions, feel free to join our community discussions or submit issues and pull requests on GitHub.

 
