Hadoop Export functionality is failing

Splunk Employee

According to the logs and $SPLUNK_HOME/var/run/splunk/dispatch, the configured search executes successfully and produces results in CSV format.

The cursor and CSV header files are written to the HDFS filesystem (that means the HDFS connection works and permissions for Splunk to write are in order).

Strange message in splunkd.log

09-24-2014 21:26:12.066 +0200 WARN AdminManager - Handler 'hdfs_export' has not performed any capability checks for this operation (requestedAction=edit, customAction="force", item="P_WebTrends_CSV"). This may be a bug

And a message from HadoopConnect.log:

"Field 'rmIP' is not presented in fields exported last time. last export fields: ['_time', 'src_ip', 'WT_cg_s', 'WT_co_f']", "value": "_time,rmIP,ipF,a_ip,…"

Path Finder

I've had this issue in combination with fillnull:

| fillnull value=XXX

Using explicit field values for fillnull helped:

| fillnull value=XXX field1, field2, etc.