All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Hadoop Virtual Index - No Results Found

tt1
Explorer
‎02-05-2014 08:38 AM

Guys,

First day using hunk/splunk. I seem to be set up ok but just can not get anything returned form a Virtual Index.

The index is pointing to a correct HDFS directory with permissions.

Is there anything obvious I may not be doing correctly? Any answers appreciated?

Regards.

Tags (2)
Reply
1 Solution
Solved! Jump to solution
Solution

Ledion_Bitincka
Splunk Employee
Splunk Employee
‎02-05-2014 10:04 AM

It seems like you have incorrectly specified the HDFS port. 50070 is usually the HTTP port, you need to specify IPC/RPC port, which usually defaults to 8020. So, the solution would be to change the file system setting in the provider to: hdfs://tv-dev-clust1.tv.talktalk.lab:8020 (or whatever the port is)

02-05-2014 16:33:00.086 ERROR ERP.TestProvider -  SplunkMR$SearchHandler - Failed on local exception: com.google.protobuf.InvalidProtocolBufferException: Protocol message end-group tag did not match expected tag.; Host Details : local host is: "tv-dev-clust1.tv.talktalk.lab/10.182.14.221"; destination host is: "tv-dev-clust1.tv.talktalk.lab":50070;

View solution in original post

Reply
Solved! Jump to solution
Solution

Ledion_Bitincka
Splunk Employee
Splunk Employee
‎02-05-2014 10:04 AM

It seems like you have incorrectly specified the HDFS port. 50070 is usually the HTTP port, you need to specify IPC/RPC port, which usually defaults to 8020. So, the solution would be to change the file system setting in the provider to: hdfs://tv-dev-clust1.tv.talktalk.lab:8020 (or whatever the port is)

02-05-2014 16:33:00.086 ERROR ERP.TestProvider -  SplunkMR$SearchHandler - Failed on local exception: com.google.protobuf.InvalidProtocolBufferException: Protocol message end-group tag did not match expected tag.; Host Details : local host is: "tv-dev-clust1.tv.talktalk.lab/10.182.14.221"; destination host is: "tv-dev-clust1.tv.talktalk.lab":50070;
Reply
Solved! Jump to solution

tt1
Explorer
‎02-05-2014 11:04 PM

Thanks for looking in, you are right, I was using the wrong port. I tested using an incorrect IP and saw it error, but I didn't think to test the port. I am now in, the tool looks great.

0 Karma
Reply
Solved! Jump to solution

tt1
Explorer
‎02-05-2014 08:46 AM

Hi, thanks for taking a look.

"All Time" Yes
Recurse the directory Yes

PasteBin of log http://pastebin.com/igxPPKt1

Thanks.

0 Karma
Reply
Solved! Jump to solution

csharp_splunk
Splunk Employee
Splunk Employee
‎02-05-2014 08:41 AM

First things first, check your time picker at the right of the search bar and set it to "All Time". Did you set your virtual index to recurse the directory? You could be only looking at the top level directory. If that doesn't solve it, if you could click on Job->Inspect, scroll to the bottom, click search.log and then send us a pastebin of that, that could help us troubleshoot.

Reply
Solved! Jump to solution

tt1
Explorer
‎02-05-2014 09:18 AM

Hi, thanks for taking a look.
"All Time" Yes
Recurse the directory Yes
PasteBin of log http://pastebin.com/igxPPKt1
Thanks.

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...

Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass

Hello Splunkers,  We’re excited to kick off a Splunk Dashboard contest! We know that dashboards are a primary ...

May 2026 Splunk Expert Sessions: Security & Observability

Level Up Your Operations: May 2026 Splunk Expert Sessions Whether you are refining your security posture or ...