Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

how to simulate flow data like real time search for hunk?

sfatnass
Contributor
‎09-05-2016 02:23 AM

hi i know that hunk doesn't support real time searching for hadoop data.

how can i do if i will refresh or restart a search on background and print the result on dashboard like real time search.
it's just to simulate a reading flow data like real time search, just for watching result on dashboard without complexe request.

i think it's possible to use cron to reload the search request but the problem is the time betwen the end of search request and the next realoading.

thx

Tags (2)
0 Karma
Reply

kschon_splunk
Splunk Employee
Splunk Employee
‎09-06-2016 01:45 PM

You can save a Hunk search as a report, and schedule it to run with any frequency you like. However, you still won't be doing a true real-time search, for a couple reasons. One is that processes which write data to HDFS usually have some latency, i.e. the data does not show up quickly enough to be considered "real-time". Secondly, map-reduce jobs are typically high throughput but high latency, so the job itself may introduce a large delay. Also, please consider that if you schedule a search to be very frequent, it may take up considerable resources that will then not be available for other activity on your cluster. You should consider instead using Report Acceleration:
https://docs.splunk.com/Documentation/Hunk/6.4.3/Hunk/Workwithreportacceleration

If you truly need real-time searches, consider first ingesting your data into a regular Splunk index, and then archiving the data to HDFS:
http://docs.splunk.com/Documentation/Hunk/6.4.3/Hunk/ArchivingSplunkindexes

0 Karma
Reply

rdagan_splunk
Splunk Employee
Splunk Employee
‎09-05-2016 10:56 AM

You are right, since Hunk does not support real-time, you will have a gap between the end of the search and the start of the next search.

0 Karma
Reply

sfatnass
Contributor
‎09-05-2016 11:22 AM

but how can i do to simulate searching like real time ?

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...