Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Export large volume of historical data from Splunk to Hadoop(HDFS) which can be implemented in production as well

dipranjan
New Member
‎10-12-2020 06:20 AM

Hello Splunk Team,
I have  been exploring how to connect SPLUNK with Hadoop to export large volume of data(Historical). Could you please help me and provide us the best way to export data from Splunk to Hadoop(HDFS). We learned while exploring that Hadoop connect would be a way but it is now your legacy product and we cannot implement that in production. We also explored Hadoop Data Roll but it can only export in particular data format. We wanted to know the best method available for exporting large volume from Splunk to HDFS. 

Labels (1)
Labels
0 Karma
Reply

dipranjan
New Member
‎10-12-2020 08:11 AM

One of the use case is to export all the metadata from Splunk to Hadoop and it is in GB's. Rest API process may take months to do that and we are looking for better solution. HDR seems to be a solution for exporting in native Splunk format. Is there anyway to export different file formats from splunk and dump on HDFS in let say csv, json etc

0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎10-12-2020 07:48 AM

What are your requirements for exporting data?  It appears you don't want the data in native Splunk format so what format do you want?  How much data will you be exporting?

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

dipranjan
New Member
‎10-12-2020 08:16 AM

By the way we wanted to know the best way to export data from splunk to hadoop even if it is in native splunk format and it can also be implemented in production. Hadoop connect is legacy and not supported any further and due to this we can't implement.

If let say native splunk format is only possibility then how to read or convert them into other formats? such as CSV or JSON

0 Karma
Reply
Get Updates on the Splunk Community!

Purpose in Action: How Splunk Is Helping Power an Inclusive Future for All

At Cisco, purpose isn’t a tagline—it’s a commitment. Cisco’s FY25 Purpose Report outlines how the company is ...

[Upcoming Webinar] Demo Day: Transforming IT Operations with Splunk

Join us for a live Demo Day at the Cisco Store on January 21st 10:00am - 11:00am PST In the fast-paced world ...

New Year. New Skills. New Course Releases from Splunk Education

A new year often inspires reflection—and reinvention. Whether your goals include strengthening your security ...