The vector Splunk_hec_log [1] supports compression algorithms gzip, snappy, zlib and zstd. It seems the server splunk HEC only supports gzip (I am using docker.io/splunk/splunk 9.2...
....NativeCodeLoader.buildSupportsSnappy(Native Method)
09-08-2014 19:28:25.530 INFO ERP.MyHadoopProvider - at org.apache.hadoop.io.compress.SnappyCodec.checkNativeCodeLoaded(SnappyCodec.java:62)
09-08-2...
Hi everyone,
I'm already able to get some text files and ORC tables with Hunk via Hive, but the table I'm now trying to reach is ORC, compressed in Snappy.
When I make a search, the web i...
We have a pretty large (?) environment that we just upgraded from 5.0.5 to 6.0.2 and would anecdotally say 6 isn't quite as snappy as 5. In this context I'm saying snappy in terms of quickness to r...
Hi all,
I have a few files (containing syslog events) in my Hadoop HDFS compressed using Snappy, and I configured Splunk to read that data using the virtual indexes.
Without compression, the e...
Splunk = Hunk 6.2.8 and Hunk 6.3.3
Hadoop = HDP 2.3.x
Symptoms = Searches don't return some results. On an example data set (JSON files compressed with snappy) it was observed that tiny s...
I've been asked to produce a report with typical hourly volumes for our application on Fridays. So I put together this snappy search.
index=prod event_name="LOGIN" date_wday=friday
| eval h...
Hi,
I have a weird issue where when a log rolls and a new log gets created, it takes about a day or so to actually show the new log in Splunk. Looking on the server, the new log exists. But Splu...