
Hunk vs Splunk Enterprise. Any functions missing from Hunk that only Enterprise has?

Lucas_K
Motivator

We're looking into using Hunk. As it stands the licenses are based on nodes access (or something) so we could initially migrate our search heads to be Hunk installs instead of regular Splunk Enterprise. When Hadoop functionality is required it can be easily added by the virtual indexes options.

From the Hunk FAQs and documents I haven't been able to determine if Hunk has a superset of Splunk Enterprise features, and that it functions identically for existing apps without modification.

My intention is that we could move all of our apps to the Hunk install and we'd get the best of everything. Normal Splunk dist search as well as Hadoop searches if/when required.

Am I missing some understanding of what Hunk is?


rdagan_splunk
Splunk Employee

It looks like your description is correct. You can find the side by side in this PDF file: http://www.splunk.com/web_assets/pdfs/secure/Hunk_Product_Data_Sheet.pdf

Lucas_K
Motivator

I'd seen the data sheet before. It is pretty high level and assumes a single non-distributed instance.

It is also not totally clear about the meanings of some of the details. It has realtime removed from the Hunk side when in fact it's dependent on the source it draws the data from.

i.e. Do you need a Splunk Enterprise license to run Hunk?

A. Hunk is a separate product and has its own license. You'll need a Splunk Enterprise license only to run searches against Splunk Enterprise indexers.

Just did an install, added licenses and existing Splunk servers, and I can't search my Enterprise indexes. I just get a weird error: "Search filters specified using splunk_server/splunk_server_group do not match any search peer.".

Yet I can successfully see all my search peers with successful replication. I can see the distsearch license feature listed. "featuresearch': 'ENABLED', 'ScheduledReports': 'ENABLED', 'UnisiteClustering': 'ENABLED', 'MultisiteClustering': 'ENABLED', 'Acceleration': 'ENABLED', 'AdvancedSearchCommands': 'ENABLED', 'DistSearch': "


rdagan_splunk
Splunk Employee

When you download Hunk you will get all of the Splunk software + a few jars under /hunk/bin/jars (basically Hunk is a Splunk search head + the ability to connect to Hadoop). Also, you will get a temp Hunk license that will enable you to see the link to the virtual index (under Settings).
Assuming that after the install you applied your existing Splunk Enterprise license, and that you are able to see all of your indexes under 'Settings -> Indexes' + Configure distributed search, that part should be the same as any other Splunk search head.


Lucas_K
Motivator

A new year but the same error.

I can't search any of our existing search peers.

Edit: OK, the issue is that you MUST specify the splunk_server option in your base query or nothing will happen.
