Real-time Analytics & OLAP • Apache Druid for Real-time AnalyticsMedium⏱️ ~3 min
How Druid Achieves Subsecond Query Performance
The Core Mechanism:
Druid's speed comes from combining three architectural decisions that work together. First, everything is partitioned by time, usually at hour or day granularity. Second, data is stored in a columnar format with heavy compression and indexing. Third, queries are distributed across nodes that hold cached segments on fast SSDs or memory.
Let's break down why this matters with concrete numbers.
Time Partitioning Magic:
When you query for "clicks in the last 15 minutes, country equals US", Druid doesn't scan your entire dataset. If you have 90 days of data in hourly segments, that's 2,160 segments total. But your query only needs the last 1 segment (or maybe 2 if you're crossing an hour boundary). That's 99.9% of data pruned instantly before any actual scanning happens.
Compare this to a traditional database where time is just another indexed column. Even with a good index, you'd need to check index entries across the entire table, potentially millions of seeks.
Columnar Compression and Indexing:
Within each segment, Druid stores dimensions and metrics separately as columns. For a dimension like
Distributed Query Execution:
Query brokers receive your query and identify relevant segments. If your query touches 10 segments spread across 5 historical nodes, the broker sends parallel sub queries to all 5 nodes simultaneously. Each node scans its local segments (cached on SSD), computes partial aggregates, and returns results. The broker merges these partial results into the final answer.
For a dashboard query aggregating 500 million rows across 10 segments, if each node processes 2 segments in parallel at 80 milliseconds per segment, plus 20 milliseconds for network and merge overhead, your total query time is roughly 100 milliseconds. This parallelism is why Druid handles high concurrency well: 100 concurrent queries just mean more work distributed across your cluster.
country with only 200 distinct values but 100 million rows, Druid uses dictionary encoding: each country becomes an integer ID (0 to 199), and bitmap indexes track which rows contain each value. Filtering for "country equals US" becomes a single bitmap lookup, not 100 million string comparisons.
Metric columns like click_count are stored as compressed numeric arrays. Aggregations (SUM, AVG, COUNT) run on these compressed columns using vectorized execution, processing thousands of values per CPU cycle.
Query Execution Comparison
ROW STORE SCAN
15 sec
→
DRUID COLUMNAR
80 ms
✓ In Practice: A typical production cluster with 20 historical nodes, each holding 500 GB of hot segments on NVMe SSDs, can sustain 1,000 queries per second with p99 latencies under 500 milliseconds on well indexed dimensions.
💡 Key Takeaways
✓Time partitioning by hour or day prunes 99% of data instantly for typical time filtered queries, avoiding full table scans
✓Dictionary encoding with bitmap indexes turns string comparisons into fast bitmap operations: filtering 100 million rows takes microseconds
✓Columnar storage allows vectorized execution on compressed metric columns, processing thousands of values per CPU cycle
✓Distributed query execution parallelizes work across nodes: scanning 10 segments across 5 nodes takes the time of the slowest node, not the sum
✓A well tuned cluster can achieve p99 latencies under 500 milliseconds while handling 1,000 concurrent queries per second
📌 Examples
1Query for last 15 minutes of clicks grouped by country: broker identifies 1 segment (250 million rows), historical node scans compressed columnar data in 80 milliseconds using bitmap index on country dimension
2Dashboard showing hourly revenue trends for last 7 days: touches 168 segments (7 days times 24 hours), distributed across 20 nodes, each processes roughly 8 segments in parallel, completes in 150 milliseconds
3Real time fraud detection query filtering by merchant ID and card type in last 5 minutes: bitmap intersection on two indexed dimensions scans 50 million rows in 40 milliseconds