Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Export large volume of historical data from Splunk to Hadoop(HDFS) which can be implemented in production as well

dipranjan
New Member
‎10-12-2020 06:20 AM

Hello Splunk Team,
I have  been exploring how to connect SPLUNK with Hadoop to export large volume of data(Historical). Could you please help me and provide us the best way to export data from Splunk to Hadoop(HDFS). We learned while exploring that Hadoop connect would be a way but it is now your legacy product and we cannot implement that in production. We also explored Hadoop Data Roll but it can only export in particular data format. We wanted to know the best method available for exporting large volume from Splunk to HDFS. 

Labels (2)
Labels
0 Karma
Reply

dipranjan
New Member
‎10-12-2020 08:11 AM

One of the use case is to export all the metadata from Splunk to Hadoop and it is in GB's. Rest API process may take months to do that and we are looking for better solution. HDR seems to be a solution for exporting in native Splunk format. Is there anyway to export different file formats from splunk and dump on HDFS in let say csv, json etc

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-12-2020 07:48 AM

What are your requirements for exporting data?  It appears you don't want the data in native Splunk format so what format do you want?  How much data will you be exporting?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

dipranjan
New Member
‎10-12-2020 08:16 AM

By the way we wanted to know the best way to export data from splunk to hadoop even if it is in native splunk format and it can also be implemented in production. Hadoop connect is legacy and not supported any further and due to this we can't implement.

If let say native splunk format is only possibility then how to read or convert them into other formats? such as CSV or JSON

0 Karma
Reply
Get Updates on the Splunk Community!

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...