All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to use Splunk for analytics on a huge volume of data?

dipu20
New Member
‎05-10-2018 07:27 AM

I have a use case where in we have around 0.5 TB of raw data coming in on daily basis that needs to be analyzed /searched
We have a Splunk Enterprise license , so was thinking to use Splunk for same, by storing this data on file system and then get those files indexed in Splunk. Just wondering if this is an efficient way.

Analysis done so far with other approaches:

1) Using Hunk (Can't go for a licensed solution. hence crossing this )
2) Using Splunk Analytics for Hadoop (I guess its just a new name for HUNK. We still need to get a license for this ?
Also it look like its an Add On so do we still need to purchase it or is it free to download.)
3) Storing data on HDFS and then using Splunk Hadoop Connect to index the hdfs data for searching.

Any suggestions w.r.t to these approaches will be helpful .

Thanks in advance

0 Karma
Reply

rdagan_splunk
Splunk Employee
Splunk Employee
‎05-24-2018 07:30 AM

Yes Hunk is the older name for Splunk Analytics for Hadoop. They are both licensed the same.
Splunk Analytics for Hadoop is already part of normal Splunk, so you do not need to install any additional Splunk software (you do need Hadoop and Java on the Search Head)
Using Splunk Hadoop Connect will copy the files from HDFS to Splunk indexers. Splunk Analytics for Hadoop will not index the data in Splunk, but will run MR jobs on the Hadoop cluster and will return the results.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...