All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to configure Hunk for ORC format data in Hive?

toabhishek16
New Member
‎04-02-2015 03:56 AM

Hi Team,

I am using Apache Hadoop 2.6.0 and Hive 0.14. I have configured Hunk for text data in hive and HDFS.

but I am not able to configure ORC format data in Hive. I tried properties discussed in (http://answers.splunk.com/answers/210194/settings-to-configure-hunk-for-hive-orc-table.html ) but it is not working. I am getting a garbage values in Hunk.

Please help me by providing settings.

Thanks & Regards
Abhisek

0 Karma
Reply

hyan_splunk
Splunk Employee
Splunk Employee
‎04-03-2015 08:43 AM

For any hive formats other than text, you need to specify fileformat property. So in your case:

vix.input.1.splitter.hive.fileformat = orc

Reply

mikechu
New Member
‎06-17-2015 11:30 AM

Hi

I'm using Splunk and Hunk on AWS. We have a Hive external table with textfile format. It's field delimiter is comma. I'm able to setup a index provider and virtual index for the hive table with the following setup. However, the field values are not parsed properly. It seems Splunk put the entire row to the 1st field. Is there a vix.input.1.hive.??? parameter for hive field delimiter?

vix.input.1.splitter.hive.columnnames=id,source,type,amount,status,from_pin,region_id,ip_address,date_closing,date_created,date_event,user_seller,account_seller,advertiser_id,user_id,account_id,sale_type,sale_item,sale_id,sale_amount,request,order_id,from_co,client_id,product_price,utcdate,bonus
vix.input.1.splitter.hive.columntypes=string:string:string:double:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string:string
vix.input.1.splitter.hive.dbname=rs_analytics
vix.input.1.splitter.hive.tablename=transaction
vix.input.1.splitter.hive.fileformat=textfile

0 Karma
Reply

hyan_splunk
Splunk Employee
Splunk Employee
‎06-17-2015 07:22 PM

Yes.
vix.input.1.splitter.hive.rowformat.fields.terminated=,

0 Karma
Reply

rdagan_splunk
Splunk Employee
Splunk Employee
‎04-03-2015 09:56 AM

Also, it seems like the provider may be missing this flag
vix.hive.metastore.uris = thrift://metastore.example.com:9083

0 Karma
Reply

toabhishek16
New Member
‎04-02-2015 11:40 PM

Hi please find below current settings:

Provider:
vix.splunk.search.splitter=HiveSplitGenerator
and all other properties are set to default

Virtual Index:
Path to data in HDFS =
vix.input.1.splitter.hive.dbname = default
vix.input.1.splitter.hive.tablename = hivetable_orc

the above setting is working fine with text files but not working with ORC format.

please help...

0 Karma
Reply

apatil_splunk
Splunk Employee
Splunk Employee
‎04-02-2015 09:33 AM

Can you please post how your existing settings look like (provider + virtual index).

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Level Up Your .conf25: Splunk Arcade Comes to Boston

With .conf25 right around the corner in Boston, there’s a lot to look forward to — inspiring keynotes, ...

Manual Instrumentation with Splunk Observability Cloud: How to Instrument Frontend ...

Although it might seem daunting, as we’ve seen in this series, manual instrumentation can be straightforward ...

Take Action Automatically on Splunk Alerts with Red Hat Ansible Automation Platform

Ready to make your IT operations smarter and more efficient? Discover how to automate Splunk alerts with Red ...