All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to configure Hunk for ORC format data in Hive?

toabhishek16
New Member
‎04-02-2015 03:56 AM

Hi Team,

I am using Apache Hadoop 2.6.0 and Hive 0.14. I have configured Hunk for text data in hive and HDFS.

but I am not able to configure ORC format data in Hive. I tried properties discussed in (http://answers.splunk.com/answers/210194/settings-to-configure-hunk-for-hive-orc-table.html ) but it is not working. I am getting a garbage values in Hunk.

Please help me by providing settings.

Thanks & Regards
Abhisek

0 Karma
Reply

hyan_splunk
Splunk Employee
Splunk Employee
‎04-03-2015 08:43 AM

For any hive formats other than text, you need to specify fileformat property. So in your case:

vix.input.1.splitter.hive.fileformat = orc

Reply

mikechu
New Member
‎06-17-2015 11:30 AM

Hi

I'm using Splunk and Hunk on AWS. We have a Hive external table with textfile format. It's field delimiter is comma. I'm able to setup a index provider and virtual index for the hive table with the following setup. However, the field values are not parsed properly. It seems Splunk put the entire row to the 1st field. Is there a vix.input.1.hive.??? parameter for hive field delimiter?

vix.input.1.splitter.hive.columnnames=id,source,type,amount,status,from_pin,region_id,ip_address,date_closing,date_created,date_event,user_seller,account_seller,advertiser_id,user_id,account_id,sale_type,sale_item,sale_id,sale_amount,request,order_id,from_co,client_id,product_price,utcdate,bonus
vix.input.1.splitter.hive.columntypes=string:string:string:double:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string
vix.input.1.splitter.hive.dbname=rs_analytics
vix.input.1.splitter.hive.tablename=transaction
vix.input.1.splitter.hive.fileformat=textfile

0 Karma
Reply

hyan_splunk
Splunk Employee
Splunk Employee
‎06-17-2015 07:22 PM

Yes.
vix.input.1.splitter.hive.rowformat.fields.terminated=,

0 Karma
Reply

rdagan_splunk
Splunk Employee
Splunk Employee
‎04-03-2015 09:56 AM

Also, it seems like the provider may be missing this flag
vix.hive.metastore.uris = thrift://metastore.example.com:9083

0 Karma
Reply

toabhishek16
New Member
‎04-02-2015 11:40 PM

Hi please find below current settings:

Provider:
vix.splunk.search.splitter=HiveSplitGenerator
and all other properties are set to default

Virtual Index:
Path to data in HDFS =
vix.input.1.splitter.hive.dbname = default
vix.input.1.splitter.hive.tablename = hivetable_orc

the above setting is working fine with text files but not working with ORC format.

please help...

0 Karma
Reply

apatil_splunk
Splunk Employee
Splunk Employee
‎04-02-2015 09:33 AM

Can you please post how your existing settings look like (provider + virtual index).

0 Karma
Reply
Get Updates on the Splunk Community!

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...

Updated Team Landing Page in Splunk Observability

We’re making some changes to the team landing page in Splunk Observability, based on your feedback. The ...

New! Splunk Observability Search Enhancements for Splunk APM Services/Traces and ...

Regardless of where you are in Splunk Observability, you can search for relevant APM targets including service ...