How can you filter out duplicate events from a Kafka topic based on a field in the event, producing a new stream of unique events per time window?
This tutorial installs Confluent Platform using Docker. Before proceeding:
• Install Docker Desktop (version 4.0.0 or later) or Docker Engine (version 19.03.0 or later) if you don’t already have it
• Install the Docker Compose plugin if you don’t already have it. This isn’t necessary if you have Docker Desktop since it includes Docker Compose.
• Start Docker if it’s not already running, either by starting Docker Desktop or, if you manage Docker Engine with systemd, via systemctl
• Verify that Docker is set up properly by ensuring no errors are output when you run docker info and docker compose version on the command line
To get started, make a new directory anywhere you’d like for this project:
mkdir finding-distinct && cd finding-distinct
Then make the following directories to set up its structure:
mkdir src test
Next, create the following docker-compose.yml file to obtain Confluent Platform (for Kafka in the cloud, see Confluent Cloud):
version: '2'
services:
broker:
image: confluentinc/cp-kafka:7.4.1
hostname: broker
container_name: broker
ports:
- 29092:29092
environment:
KAFKA_BROKER_ID: 1
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT,CONTROLLER:PLAINTEXT
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker:9092,PLAINTEXT_HOST://localhost:29092
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 0
KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
KAFKA_PROCESS_ROLES: broker,controller
KAFKA_NODE_ID: 1
KAFKA_CONTROLLER_QUORUM_VOTERS: 1@broker:29093
KAFKA_LISTENERS: PLAINTEXT://broker:9092,CONTROLLER://broker:29093,PLAINTEXT_HOST://0.0.0.0:29092
KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
KAFKA_LOG_DIRS: /tmp/kraft-combined-logs
CLUSTER_ID: MkU3OEVBNTcwNTJENDM2Qk
schema-registry:
image: confluentinc/cp-schema-registry:7.3.0
hostname: schema-registry
container_name: schema-registry
depends_on:
- broker
ports:
- 8081:8081
environment:
SCHEMA_REGISTRY_HOST_NAME: schema-registry
SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: broker:9092
ksql-server:
image: confluentinc/ksqldb-server:0.28.2
hostname: ksql-server
container_name: ksql-server
depends_on:
- broker
- schema-registry
ports:
- 8088:8088
environment:
KSQL_CONFIG_DIR: /etc/ksqldb
KSQL_LOG4J_OPTS: -Dlog4j.configuration=file:/etc/ksqldb/log4j.properties
KSQL_BOOTSTRAP_SERVERS: broker:9092
KSQL_HOST_NAME: ksql-server
KSQL_LISTENERS: http://0.0.0.0:8088
KSQL_KSQL_SCHEMA_REGISTRY_URL: http://schema-registry:8081
KSQL_KSQL_STREAMS_AUTO_OFFSET_RESET: earliest
KSQL_KSQL_STREAMS_CACHE_MAX_BYTES_BUFFERING: 0
ksql-cli:
image: confluentinc/ksqldb-cli:0.28.2
container_name: ksql-cli
depends_on:
- broker
- ksql-server
entrypoint: /bin/sh
environment:
KSQL_CONFIG_DIR: /etc/ksqldb
tty: true
volumes:
- ./src:/opt/app/src
- ./test:/opt/app/test
And launch it by running:
docker compose up -d
To begin developing interactively, open up the KSQL CLI:
docker exec -it ksql-cli ksql http://ksql-server:8088To start off the implementation of this scenario, we will create a stream that represents the clicks from the users. Since we will be handling time, it is important that each click timestamp indicating when that click was done. A bit later in the tutorial you’ll see how to use ROWTIME for that purpose.
CREATE STREAM CLICKS (IP_ADDRESS VARCHAR, URL VARCHAR)
WITH (KAFKA_TOPIC = 'CLICKS',
FORMAT = 'JSON',
PARTITIONS = 1);
Now let’s produce some events that represent user clicks. Note that we are going to purposely produce duplicate events, in which each IP address will have clicked twice in the same URL.
INSERT INTO CLICKS (IP_ADDRESS, URL) VALUES ('10.0.0.1', 'https://docs.confluent.io/current/tutorials/examples/kubernetes/gke-base/docs/index.html');
INSERT INTO CLICKS (IP_ADDRESS, URL) VALUES ('10.0.0.12', 'https://www.confluent.io/hub/confluentinc/kafka-connect-datagen');
INSERT INTO CLICKS (IP_ADDRESS, URL) VALUES ('10.0.0.13', 'https://www.confluent.io/hub/confluentinc/kafka-connect-datagen');
INSERT INTO CLICKS (IP_ADDRESS, URL) VALUES ('10.0.0.1', 'https://docs.confluent.io/current/tutorials/examples/kubernetes/gke-base/docs/index.html');
INSERT INTO CLICKS (IP_ADDRESS, URL) VALUES ('10.0.0.12', 'https://www.confluent.io/hub/confluentinc/kafka-connect-datagen');
INSERT INTO CLICKS (IP_ADDRESS, URL) VALUES ('10.0.0.13', 'https://www.confluent.io/hub/confluentinc/kafka-connect-datagen');
Now that you have a stream with some events in it, let’s start to leverage them. The first thing to do is set the following properties to ensure that you’re reading from the beginning of the stream:
SET 'auto.offset.reset' = 'earliest';Next, set cache.max.bytes.buffering to configure the frequency of output for tables. The value of 0 instructs ksqlDB to emit each matching record as soon as it is processed. Without this configuration, the queries below could appear to "miss" some records due to the default batching behavior.
SET 'cache.max.bytes.buffering' = '0';
Let’s experiment with these events.
First, let’s create a query to select the information we need and count each occurrence of an IP address.
SELECT
IP_ADDRESS,
COUNT(IP_ADDRESS) as IP_COUNT,
URL,
FORMAT_TIMESTAMP(FROM_UNIXTIME(EARLIEST_BY_OFFSET(ROWTIME)), 'yyyy-MM-dd HH:mm:ss.SSS') AS TIMESTAMP
FROM CLICKS WINDOW TUMBLING (SIZE 2 MINUTES)
GROUP BY IP_ADDRESS, URL
EMIT CHANGES
LIMIT 6;
And it should produce the following output:
+-------------------------------------+-------------------------------------+-------------------------------------+-------------------------------------+
|IP_ADDRESS |IP_COUNT |URL |TIMESTAMP |
+-------------------------------------+-------------------------------------+-------------------------------------+-------------------------------------+
|10.0.0.1 |1 |https://docs.confluent.io/current/tut|2023-05-31 17:40:03.024 |
| | |orials/examples/kubernetes/gke-base/d| |
| | |ocs/index.html | |
|10.0.0.12 |1 |https://www.confluent.io/hub/confluen|2023-05-31 17:40:03.052 |
| | |tinc/kafka-connect-datagen | |
|10.0.0.13 |1 |https://www.confluent.io/hub/confluen|2023-05-31 17:40:03.077 |
| | |tinc/kafka-connect-datagen | |
|10.0.0.1 |2 |https://docs.confluent.io/current/tut|2023-05-31 17:40:03.024 |
| | |orials/examples/kubernetes/gke-base/d| |
| | |ocs/index.html | |
|10.0.0.12 |2 |https://www.confluent.io/hub/confluen|2023-05-31 17:40:03.052 |
| | |tinc/kafka-connect-datagen | |
|10.0.0.13 |2 |https://www.confluent.io/hub/confluen|2023-05-31 17:40:03.077 |
| | |tinc/kafka-connect-datagen | |
Limit Reached
Query terminatedNotice that the duplicate IP addresses have an IP_COUNT value greater than one. So our next step is to filter out the duplicates by only selecting records where the IP_COUNT column equals 1.
You’ll also notice that each ip-address + url combo have the same timestamp value. That’s because this this statement EARLIEST_BY_OFFSET(ROWTIME) selects the earliest ROWTIME, the event timestamp, for the composite key of ip-address and url. This is the desired behavior because when you add the de-duplication, you’ll only want the event timestamp of the first user click for the unique ip-address and url pair.
Now let’s create some continuous queries to implement this scenario.
CREATE TABLE DETECTED_CLICKS AS
SELECT
IP_ADDRESS AS KEY1,
URL AS KEY2,
AS_VALUE(IP_ADDRESS) AS IP_ADDRESS,
COUNT(IP_ADDRESS) as IP_COUNT,
AS_VALUE(URL) AS URL,
FORMAT_TIMESTAMP(FROM_UNIXTIME(EARLIEST_BY_OFFSET(ROWTIME)), 'yyyy-MM-dd HH:mm:ss.SSS') AS TIMESTAMP
FROM CLICKS WINDOW TUMBLING (SIZE 2 MINUTES, RETENTION 1000 DAYS)
GROUP BY IP_ADDRESS, URL;
CREATE STREAM RAW_VALUES_CLICKS (IP_ADDRESS VARCHAR, IP_COUNT BIGINT, URL VARCHAR, TIMESTAMP VARCHAR)
WITH (KAFKA_TOPIC = 'DETECTED_CLICKS',
PARTITIONS = 1,
FORMAT = 'JSON');
CREATE STREAM DISTINCT_CLICKS AS
SELECT
IP_ADDRESS,
URL,
TIMESTAMP
FROM RAW_VALUES_CLICKS
WHERE IP_COUNT = 1
PARTITION BY IP_ADDRESS;
In the first statement above, we created the query that finds click events, naming it DETECTED_CLICKS. We modeled it as a table since the query performs aggregations.
As we’re grouping by ip-address and url, these columns will become part of the primary key of the table.
Primary key columns are stored in the Kafka message’s key. As we’ll need them in the value later, we use AS_VALUE to copy the columns into the value and set their name. To avoid the value column names clashing with the key columns, we add aliases to rename the key columns.
As it stands, the key of the DETECTED_CLICKS table contains the ip-address, and url columns, and as the table is windowed, the window start time. Wouldn’t it be nice if the key was just the IP address?
You’ll take care of that as well as finding distinct IP addresses with the next two queries.
The second statement declares a stream on top of the DETECTED_CLICKS table, defining only the value columns we’re interested in.
In the third statement you set the key of the DISTINCT_CLICKS stream to just the IP address using the PARTITION BY statement. The WHERE clause is where we filter out duplicates by specifying to only retrieve IP addresses with a IP_COUNT of 1.
To verify everything is working as expected, run the following query:
SELECT
IP_ADDRESS,
URL,
TIMESTAMP
FROM DISTINCT_CLICKS
EMIT CHANGES
LIMIT 3;
The output should look similar to:
+--------------------------------------------------+--------------------------------------------------+--------------------------------------------------+
|IP_ADDRESS |URL |TIMESTAMP |
+--------------------------------------------------+--------------------------------------------------+--------------------------------------------------+
|10.0.0.1 |https://docs.confluent.io/current/tutorials/exampl|2023-05-31 17:40:03.024 |
| |es/kubernetes/gke-base/docs/index.html | |
|10.0.0.12 |https://www.confluent.io/hub/confluentinc/kafka-co|2023-05-31 17:40:03.052 |
| |nnect-datagen | |
|10.0.0.13 |https://www.confluent.io/hub/confluentinc/kafka-co|2023-05-31 17:40:03.077 |
| |nnect-datagen | |
Limit Reached
Query terminatedFinally, let’s see what’s available on the underlying Kafka topic for the table. We can print that out easily.
PRINT DISTINCT_CLICKS FROM BEGINNING LIMIT 3;
The output should look similar to:
Key format: JSON or HOPPING(KAFKA_STRING) or TUMBLING(KAFKA_STRING) or KAFKA_STRING
Value format: JSON or KAFKA_STRING
rowtime: 2023/05/31 17:40:03.024 Z, key: "10.0.0.1", value: {"URL":"https://docs.confluent.io/current/tutorials/examples/kubernetes/gke-base/docs/index.html","TIMESTAMP":"2023-05-31 17:40:03.024"}, partition: 0
rowtime: 2023/05/31 17:40:03.052 Z, key: "10.0.0.12", value: {"URL":"https://www.confluent.io/hub/confluentinc/kafka-connect-datagen","TIMESTAMP":"2023-05-31 17:40:03.052"}, partition: 0
rowtime: 2023/05/31 17:40:03.077 Z, key: "10.0.0.13", value: {"URL":"https://www.confluent.io/hub/confluentinc/kafka-connect-datagen","TIMESTAMP":"2023-05-31 17:40:03.077"}, partition: 0
Topic printing ceasedNow that you have a series of statements that’s doing the right thing, the last step is to put them into a file so that they can be used outside the CLI session. Create a file at src/statements.sql with the following content:
CREATE STREAM CLICKS (IP_ADDRESS STRING, URL STRING)
WITH (KAFKA_TOPIC = 'CLICKS',
FORMAT = 'JSON',
PARTITIONS = 1);
CREATE TABLE DETECTED_CLICKS AS
SELECT
IP_ADDRESS AS KEY1,
URL AS KEY2,
AS_VALUE(IP_ADDRESS) AS IP_ADDRESS,
COUNT(IP_ADDRESS) as IP_COUNT,
AS_VALUE(URL) AS URL,
FORMAT_TIMESTAMP(FROM_UNIXTIME(EARLIEST_BY_OFFSET(ROWTIME)), 'yyyy-MM-dd HH:mm:ss.SSS') AS TIMESTAMP
FROM CLICKS WINDOW TUMBLING (SIZE 2 MINUTES, RETENTION 1000 DAYS)
GROUP BY IP_ADDRESS, URL;
CREATE STREAM RAW_VALUES_CLICKS (IP_ADDRESS STRING, IP_COUNT BIGINT, URL STRING, TIMESTAMP STRING)
WITH (KAFKA_TOPIC = 'DETECTED_CLICKS',
PARTITIONS = 1,
FORMAT = 'JSON');
CREATE STREAM DISTINCT_CLICKS AS
SELECT
IP_ADDRESS,
URL,
TIMESTAMP
FROM RAW_VALUES_CLICKS
WHERE IP_COUNT = 1
PARTITION BY IP_ADDRESS;
Create a file at test/input.json with the inputs for testing:
{
"inputs": [
{
"topic": "CLICKS",
"timestamp": 1685644010383,
"value": {
"IP_ADDRESS": "10.0.0.1",
"URL": "https://docs.confluent.io/current/tutorials/examples/kubernetes/gke-base/docs/index.html"
}
},
{
"topic": "CLICKS",
"timestamp": 1685644295242,
"value": {
"IP_ADDRESS": "10.0.0.12",
"URL": "https://www.confluent.io/hub/confluentinc/kafka-connect-datagen"
}
},
{
"topic": "CLICKS",
"timestamp": 1685644521624,
"value": {
"IP_ADDRESS": "10.0.0.13",
"URL": "https://www.confluent.io/hub/confluentinc/kafka-connect-datagen"
}
},
{
"topic": "CLICKS",
"timestamp": 1685644010383,
"value": {
"IP_ADDRESS": "10.0.0.1",
"URL": "https://docs.confluent.io/current/tutorials/examples/kubernetes/gke-base/docs/index.html"
}
},
{
"topic": "CLICKS",
"timestamp": 1685644295242,
"value": {
"IP_ADDRESS": "10.0.0.12",
"URL": "https://www.confluent.io/hub/confluentinc/kafka-connect-datagen"
}
},
{
"topic": "CLICKS",
"timestamp": 1685644521624,
"value": {
"IP_ADDRESS": "10.0.0.13",
"URL": "https://www.confluent.io/hub/confluentinc/kafka-connect-datagen"
}
}
]
}
Similarly, create a file at test/output.json with the expected outputs.
{
"outputs": [
{
"topic": "DISTINCT_CLICKS",
"key": "10.0.0.1",
"value": {
"URL": "https://docs.confluent.io/current/tutorials/examples/kubernetes/gke-base/docs/index.html",
"TIMESTAMP": "2023-06-01 18:26:50.383"
},
"timestamp": 1685644010383
},
{
"topic": "DISTINCT_CLICKS",
"key": "10.0.0.12",
"value": {
"URL": "https://www.confluent.io/hub/confluentinc/kafka-connect-datagen",
"TIMESTAMP": "2023-06-01 18:31:35.242"
},
"timestamp": 1685644295242
},
{
"topic": "DISTINCT_CLICKS",
"key": "10.0.0.13",
"value": {
"URL": "https://www.confluent.io/hub/confluentinc/kafka-connect-datagen",
"TIMESTAMP": "2023-06-01 18:35:21.624"
},
"timestamp": 1685644521624
}
]
}
Lastly, invoke the tests using the test runner and the statements file that you created earlier:
docker exec ksql-cli ksql-test-runner -i /opt/app/test/input.json -s /opt/app/src/statements.sql -o /opt/app/test/output.jsonWhich should pass:
>>> Test passed!Instead of running a local Kafka cluster, you may use Confluent Cloud, a fully managed Apache Kafka service.
Sign up for Confluent Cloud, a fully managed Apache Kafka service.
After you log in to Confluent Cloud Console, click Environments in the lefthand navigation, click on Add cloud environment, and name the environment learn-kafka. Using a new environment keeps your learning resources separate from your other Confluent Cloud resources.
From the Billing & payment section in the menu, apply the promo code CC100KTS to receive an additional $100 free usage on Confluent Cloud (details). To avoid having to enter a credit card, add an additional promo code CONFLUENTDEV1. With this promo code, you will not have to enter a credit card for 30 days or until your credits run out.
Click on LEARN and follow the instructions to launch a Kafka cluster and enable Schema Registry.
Next, from the Confluent Cloud Console, click on Clients to get the cluster-specific configurations, e.g., Kafka cluster bootstrap servers and credentials, Confluent Cloud Schema Registry and credentials, etc., and set the appropriate parameters in your client application.
Now you’re all set to run your streaming application locally, backed by a Kafka cluster fully managed by Confluent Cloud.