All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Splunk on Hadoop

riteshbansal
New Member
‎03-21-2013 12:06 AM

Hello Team,

I would like to know what kind of connectivity Splunk has with Hadoop and HDFS?

I noticed that index creation part of splunk takes a good amount of time, so I would like to know following:

  1. Is it possible to install splunk over HDFS? So if we have weblog data over HDFS, can Splunk index creation done using MR jobs?
  2. How splunk stores the data? So if I have connected it to multiple servers to fetch web logs data, will it pull all data to local server, create index and store index as well in local?

Thanks in advance,
Ritesh

Tags (1)
0 Karma
Reply

araitz
Splunk Employee
Splunk Employee
‎03-21-2013 03:03 PM

See http://www.splunk.com/view/hadoop-connect/SP-CAAAHA3

Splunk itself does not run on HDFS, but Hadoop Connect facilitates interaction with it.

We also have Hadoop Ops for monitoring and troubleshooting Hadoop deployments: http://splunk-base.splunk.com/apps/57004/splunk-app-for-hadoopops

Splunk stores data in a distributed fashion on machines called 'indexers'. Generally indexers are seperate machines than where the data is created. You can use a 'forwarder' to get data from production machines to indexers. Many indexers can be searched at the same time from a machine configured as a 'search head'.

0 Karma
Reply
Get Updates on the Splunk Community!

Threat Hunting Unlocked: How to Uplevel Your Threat Hunting With the PEAK Framework ...

WATCH NOWAs AI starts tackling low level alerts, it's more critical than ever to uplevel your threat hunting ...

Splunk APM: New Product Features + Community Office Hours Recap!

Howdy Splunk Community! Over the past few months, we’ve had a lot going on in the world of Splunk Application ...

Index This | Forward, I’m heavy; backward, I’m not. What am I?

April 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...