Flume for log collection in Hadoop - Time & Space Complexity

When collecting logs with Flume, it's important to understand how the time to process logs grows as more logs arrive.

We want to know how the work Flume does changes when the amount of log data increases.

Analyze the time complexity of the following Flume agent configuration snippet.

# Flume agent configuration
agent.sources = source1
agent.channels = channel1
agent.sinks = sink1

agent.sources.source1.type = exec
agent.sources.source1.command = tail -F /var/log/app.log
agent.sources.source1.channels = channel1

agent.channels.channel1.type = memory
agent.sinks.sink1.type = hdfs
agent.sinks.sink1.channel = channel1
agent.sinks.sink1.hdfs.path = /logs/app/
agent.sinks.sink1.hdfs.rollInterval = 60

This setup reads logs continuously, stores them temporarily in memory, and writes them to HDFS every minute.

Look at what repeats as logs flow through Flume.

• Primary operation: Reading each new log line and writing it to the channel and then to HDFS.
• How many times: Once for every log line generated by the application.

As the number of log lines increases, Flume processes each line one by one.

Input Size (log lines)	Approx. Operations
10	10 reads and writes
100	100 reads and writes
1000	1000 reads and writes

Pattern observation: The work grows directly with the number of log lines; double the logs, double the work.

Time Complexity: O(n)

This means the time to process logs grows in a straight line with the number of logs.

[X] Wrong: "Flume processes all logs instantly no matter how many there are."

[OK] Correct: Each log line must be handled one at a time, so more logs mean more processing time.

Understanding how Flume handles growing log data helps you explain real-world data flow and scaling in interviews.

What if Flume used batch processing to send logs in groups instead of one by one? How would the time complexity change?