feat(tag_cardinality_limit transform): Add exact_fingerprint mode for lower memory usage#25640
Conversation
github-actions
Bot
added
docs review on hold
ArunPiduguDD
force-pushed
the
feat/tag-cardinality-exact-fingerprint
branch
from
1980f6e to
637d90a
Compare
… lower memory Introduces Mode::ExactFingerprint (YAML: mode: exact_fingerprint), an opt-in storage mode that reduces per-accepted-value memory from ~128 B to ~9 B by storing 64-bit hash fingerprints of tag values instead of the full strings. Design choices: - Stores only u64 fingerprints; accepts a vanishingly small collision risk (≈ 7e-15 per set at the default value_limit=500), which can cause a minor cardinality undercount. Mode::Exact remains byte-exact for users who need it. - Fingerprints are computed with the std DefaultHasher (stateless, fixed keys, no per-set hasher state) — the same hasher TagValueSet's own Hash impl uses internally. - Fingerprint table uses HashBuildHasher (identity/pass-through hasher) to avoid double-hashing an already-uniformly-distributed u64. - Mode::ExactFingerprint and OverrideMode::ExactFingerprint are new, user-visible config variants. Existing Mode::Exact semantics are completely unchanged. Also fixes test_accepted_tag_value_set_probabilistic in tag_value_set.rs, which was erroneously constructing Mode::Exact and therefore not testing the Bloom path at all. Benchmarked on a local release binary across M=50K/100K, T=10/50, V=1/10/100. Memory reduction vs exact mode: 36-46% at V=1, 65-75% at V=10, 85-88% at V=100. See tcl_memtest/SESSION_NOTES_2026-06-12.md for full results. Co-authored-by: ArunPiduguDD <arun.pidugu@datadoghq.com>
ArunPiduguDD
force-pushed
the
feat/tag-cardinality-exact-fingerprint
branch
from
637d90a to
317f3e5
Compare
ArunPiduguDD
changed the title
bruceg
left a comment
bruceg
left a comment
There was a problem hiding this comment.
This LGTM as-is but I had a question about pre-creating the hasher that might be worth pursuing.
|
|
||
| /// Compute a 64-bit fingerprint of a tag value | ||
| fn fingerprint(value: &TagValueSet) -> u64 { | ||
| BuildHasherDefault::<SeaHasher>::default().hash_one(value) |
There was a problem hiding this comment.
Would there be any value in pre-computing BuildHasherDefault::<SeaHasher>::default() when FingerprintStorage is created? You might want to seed it differently for each storage unit to avoid known-seed collision attacks.
There was a problem hiding this comment.
Hm, what is a scenario where we would need to guard against known-seed collision attacks in Vector?
There was a problem hiding this comment.
The path would be being able to synthetically cause a collision with attacker-controlled data. In this case that would cause an undercount, allowing through a higher cardinality than otherwise IIUC, which amounts to a DoS attack due to service costs. Having an unknown seed makes that much harder, particularly if Vector is used in a cluster where every node has different seeds. The question then is if this is concerning.
FWIW microbenchmarks confirm that the setup of the hasher is free for this use.
github-actions
Bot
removed
the
docs review on hold
buraizu
left a comment
buraizu
left a comment
There was a problem hiding this comment.
Approving with a minor suggestion for punctuation consistency
| of tag values instead of the original strings. This leads to lower memory requirements in most | ||
| scenarios (assuming average tag value size is greater than 8 bytes) at the cost of slightly | ||
| reduced throughput due to extra hashing operations and a very small chance of collisions at | ||
| very high cardinalities |
There was a problem hiding this comment.
| very high cardinalities | |
| very high cardinalities. |
4 participants
Summary
Adds a new optional mode to the
tag_cardinality_limittransform calledexact_fingerprint.It behaves just like the existing
exactmode, except instead of keeping a full copy of every tag value it has seen, it stores a small 8 byte fingerprint of each value. This leads to less memory usage in most scenarios (assuming that in general average tag values length > 8).Trade-offs:
undercount. For workloads that need perfectly exact counting,
exactmode is unchanged andremains the default.
Uses SeaHasher over DefaultHasher for improved hashing speed
Memory savings
Measured memory use of
exactvsexact_fingerprintacross different workloads(M = number of metrics, tags/metric, distinct values per tag). Each tag value was a randomly generated 20 byte string:
Vector configuration
How did you test this PR?
actions, excluded-tag handling, config parsing).
by sending generated metrics and measuring resident memory.
Change Type
Is this a breaking change?
Does this PR include user facing changes?
no-changeloglabel to this PR.