Getting Data In

hunk for Hive getting ORC, compressed in snappy

rpicot
Explorer

Hi everyone,

I'm already able to get with hunk via hive some text files, and orc tables, but the table I'm now trying to reach is orc, compressed in snappy.

When I make a search, the web interface only tells me no results found.
The search.log doesn't tell any "ERROR", but I still get one "WARN" :
WARN ERP.NameOfMyProvider - SearchController - Failed to get license:No appropriate protocol (protocol is disabled or cipher suites are inappropriate)

Any idea of what I may be missing ?

Just in case, here is what my indexes.conf looks like:

[provider:XXXXXX]
vix.mapreduce.framework.name = yarn
vix.splunk.search.splitter = HiveSplitGenerator
vix.hive.metastore.uris = thrift://XXXXX.com:XXXX

[index_XXXXXXXXX]
vix.input.1.splitter.hive.dbname = relevantDbName
vix.input.1.splitter.hive.tablename = theTableName
vix.input.1.splitter.hive.fileformat = orc
0 Karma

kschon_splunk
Splunk Employee
Splunk Employee

Based your error message, I'm guessing that this issue is not related to the data you are searching. Can you try searching some of the data that worked for you before, from the same Hunk instance?

It sounds like the issue is a mismatch between the security features Hunk is trying to use, and the security features allowed by your JVM. Which version of Hunk are you using? And which Java version?

0 Karma

rpicot
Explorer

Here are the versions of the softwares I'm running

$ cat $SPLUNK_HOME/etc/splunk.version
VERSION=6.3.2
BUILD=aaff59bb082c
PRODUCT=splunk
PLATFORM=Linux-x86_64

$ java -version
openjdk version "1.8.0_65"
OpenJDK Runtime Environment (build 1.8.0_65-b17)
OpenJDK 64-Bit Server VM (build 25.65-b01, mixed mode)

It made me realised that open jdk could be the culprit, so I tried the oracle version :

$ java -version
java version "1.8.0_66"
Java(TM) SE Runtime Environment (build 1.8.0_66-b17)
Java HotSpot(TM) 64-Bit Server VM (build 25.66-b17, mixed mode)

This time, I didn't got any errors or warn when querying my source for orc compressed in snappy, but I didn't got any results either.

I can confirm that on both jvm's version I can still get result from a hiveDB that spit plain text, and from a hiveDB that spit orc.

0 Karma

kschon_splunk
Splunk Employee
Splunk Employee

I'm not certain why you get this issue in some cases and not others, but it does sound like like your JVM is configured to disallow the cipher Hunk is using for SSL connections. If you prefer using OpenJDK, try editing this file:
/lib/security/java.security

And comment out the line that starts with:
jdk.tls.disabledAlgorithms=....

And see whether that gets rid of the error. I think the issue with not getting any events back from your ORC/snappy files is likely a separate issue.

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...