Accumulo/Hadoop, MongoDB, and Elasticsearch Performance for Semi-Structured Intrusion Detection (IDS) Data

Report No. ARL-CR-0809
Authors: Ralph P Ritchey
Date/Pages: November 2016; 44 pages
Abstract: NoSQL data stores are widely recognized for their ability to scale easily and store vast amounts of information. When considering a conversion to a NoSQL data store, a fact-based analysis should be applied to address the issues inherent in changing such a critical, core architectural component. To that end, we evaluate Hadoop, MongoDB, and Elasticsearch as replacements for the data store in a custom intrusion detection system infrastructure. In this type of environment, the number of records is voluminous, the records contain semi-structured data of varying data types, and both across-the-board analytics and surgical queries must be supported.
Distribution: Approved for public release

Last Update / Reviewed: November 1, 2016