About Ledion_Bitincka

Ledion_Bitincka · ‎03-26-2014

Not sure what the question/problem is. Setting up et/lt/offset in the virtual index should be similar to having the time info as part of the path.

Ledion_Bitincka · ‎03-16-2014

I'd recommend that you file a case with support making sure to include some sample/scrubbed data

Ledion_Bitincka · ‎03-06-2014

Hmm, unfortunately we don't log the entire stacktrace so we'd have to guess at this point - maybe http://stackoverflow.com/questions/19534811/cassandra-startup-java-lang-reflect-invocationtargetexception? I would recommend that you try to get the Hadoop CLI tools to work with cfs:// filesystem directly (ie no dse hadoop fs ..) and then we can apply those conf changes to Hunk - which is fs insensitive, for example we work with Amazon's s3/n out of the box.

Ledion_Bitincka · ‎03-05-2014

Can you provide search.log?

Ledion_Bitincka · ‎03-05-2014

Correct - indexes.conf. Now you're running into a classpath issue. Can you try to find the cassandra jar where this class com.datastax.bdp.hadoop.cfs.CassandraFileSystem is defined and then add that jar to the following field in the provider: vix.env.HADOOP_CLASSPATH Command to list the contents of the jar: unzip -l [jar-file] | grep CassandraFileSystem

Ledion_Bitincka · ‎03-05-2014

Thanks for clarifying what's happening. Can you try: (1) add the following to the provider stanza vix.fs.cfs.impl = com.datastax.bdp.hadoop.cfs.CassandraFileSystem (2) use vix.fs.default.name = cfs://cassandrahost/

Ledion_Bitincka · ‎03-05-2014

Hmmm, so you're not using cfs:// - I wonder where the cfs is coming from. Can you also share the contents of search.log? Also, does "hadoop fs -ls hdfs://hostname:9160/" return anything?

Ledion_Bitincka · ‎03-05-2014

Can you share the content of indexes.conf and core-site.xml? This is most likely a config issue wrt cfs not being a registered filesystem in the hadoop conf

Ledion_Bitincka · ‎03-05-2014

Great! What about calling the CLI directly as in: "hadoop fs -ls cfs://" ?

Ledion_Bitincka · ‎03-05-2014

Can you access CFS from the hadoop CLI? e.g hadoop fs -ls cfs://....

Ledion_Bitincka · ‎03-02-2014

We need a bit more info to help with crafting the search, however generally you can use the following template to "join" data sets <search for all the data> | <eval/extract all the needed fields> | stats <aggregates, fields ...> BY <fields you want to join>

Ledion_Bitincka · ‎02-16-2014

Having different kinds of formatted data in the same file is pretty unusual, but there are a couple of ways you can go about parsing this: Use props/transforms.conf to parse the data (see examples below) Write a custom data preprocessor to parse the data . system/local/props.conf [source::/path/to/source] KV_MODE = JSON SHOULD_LINEMERGE = false # uncomment line below if your data has no timestamps #DATETIME_CONFIG = NONE REPORT-recs = handle-record-2, handle-record-3 SEDCMD-json = s/^1\|(.*)/\1/g system/local/transforms.conf [handle-record-2] REGEX = ^2\|(?<field1>[^\|]+)\| [handle-record-3] REGEX = ^3\|(?<field1>[^\|]+)\| Here's an link that shows how you can anonymize data in Splunk which you might find useful.

Ledion_Bitincka · ‎02-16-2014

The SimpleCSVRecordReader will only recognize certain file extension by default, you can override the default by setting vix.splunk.search.recordreader.csv.regex If that doesn't work, it would be great if you provide a link to the contents of search.log for your search so I can help troubleshoot the issue further

Ledion_Bitincka · ‎02-16-2014

Was that a typo or did you properly set the record reader as follows? vix.splunk.search.recordreader = com.splunk.mr.input.SimpleCSVRecordReader

Ledion_Bitincka · ‎02-11-2014

You need to use a disjunction to search multiple indexes - virtual indexes behave exactly the same as native indexes in this respect. Here's an example search: index=a OR index=b

Ledion_Bitincka · ‎02-05-2014

It seems like you have incorrectly specified the HDFS port. 50070 is usually the HTTP port, you need to specify IPC/RPC port, which usually defaults to 8020. So, the solution would be to change the file system setting in the provider to: hdfs://tv-dev-clust1.tv.talktalk.lab:8020 (or whatever the port is) 02-05-2014 16:33:00.086 ERROR ERP.TestProvider - SplunkMR$SearchHandler - Failed on local exception: com.google.protobuf.InvalidProtocolBufferException: Protocol message end-group tag did not match expected tag.; Host Details : local host is: "tv-dev-clust1.tv.talktalk.lab/10.182.14.221"; destination host is: "tv-dev-clust1.tv.talktalk.lab":50070;

Ledion_Bitincka · ‎01-29-2014

This problem was pretty nasty to troubleshoot - from the stacktraces above it seems like the resource localizer is trying to use Kerberos to authenticate against the NameNode. However, it fails (as it should) because it cannot find a keytab file, because there is none. After the job submission there should be no need for the keytab files anymore because at any stage after submission the job must be using Hadoop's delegation tokens. In the above case the Hunk server was properly getting the delegation tokens from the namenode, as can be seen in the following log line: DEBUG ERP.REDACTED - SecurityUtil - Acquired token Ident: 00 16 ... 05 8b, Kind: HDFS_DELEGATION_TOKEN, Service: [external-ip-address]:8020 However, the delegtion token was for a service provided by the external IP of the Namenode (as can be see by Service: [external-ip-address]:8020) - however the resource localizer communicates with the Namenode using an internal IP ("node1234.redacted.com/10.123.123.123"; destination host is: ""namenode.redacted.com":8020; ) Thus the root cause of the problem was a mismatch between the client's and the cluster's value of hadoop.security.token.service.use_ip . The fix was to set the following flag in the provider [REDACTED] .... vix.hadoop.security.token.service.use_ip = false

Ledion_Bitincka · ‎01-29-2014

After solving this problem, we are running into an issue with the application master container not being able to launch - it seems to be failing during resource localization stage. search.log shows the following stack traces ERROR ERP.REDACTED - SplunkMR - ERROR while waiting for MapReduce job to complete, job_id=[!http://resourcemanager.redacted.com:8088/cluster/app/application_1386796141359_1780612 job_1386796141359_1780612], state=FAILED, reason=Application application_1386712341359_0000612 failed 3 times due to AM Container for appattempt_1386712341359_0000612_000003 exited with exitCode: -1000 due to: RemoteTrace: ERROR ERP.REDACTED - java.io.IOException: Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]; Host Details : local host is: "node1234.redacted.com/10.123.123.123"; destination host is: ""namenode.redacted.com":8020; ERROR ERP.REDACTED - at org.apache.hadoop.net.NetUtils.wrapException(NetUtils.java:738) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Client.call(Client.java:1098) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.WritableRpcEngine$Invoker.invoke(WritableRpcEngine.java:195) ERROR ERP.REDACTED - at com.sun.proxy.$Proxy7.getFileInfo(Unknown Source) ERROR ERP.REDACTED - at sun.reflect.NativeMethodAccessorImpl.invoke0(Native Method) ERROR ERP.REDACTED - at sun.reflect.NativeMethodAccessorImpl.invoke(NativeMethodAccessorImpl.java:57) ERROR ERP.REDACTED - at sun.reflect.DelegatingMethodAccessorImpl.invoke(DelegatingMethodAccessorImpl.java:43) ERROR ERP.REDACTED - at java.lang.reflect.Method.invoke(Method.java:601) ERROR ERP.REDACTED - at org.apache.hadoop.io.retry.RetryInvocationHandler.invokeMethod(RetryInvocationHandler.java:102) ERROR ERP.REDACTED - at org.apache.hadoop.io.retry.RetryInvocationHandler.invoke(RetryInvocationHandler.java:67) ERROR ERP.REDACTED - at com.sun.proxy.$Proxy7.getFileInfo(Unknown Source) ERROR ERP.REDACTED - at org.apache.hadoop.hdfs.DFSClient.getFileInfo(DFSClient.java:1305) ERROR ERP.REDACTED - at org.apache.hadoop.hdfs.DistributedFileSystem.getFileStatus(DistributedFileSystem.java:734) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.util.FSDownload.copy(FSDownload.java:176) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.util.FSDownload.access$000(FSDownload.java:51) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.util.FSDownload$1.run(FSDownload.java:284) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.util.FSDownload$1.run(FSDownload.java:282) ERROR ERP.REDACTED - at java.security.AccessController.doPrivileged(Native Method) ERROR ERP.REDACTED - at javax.security.auth.Subject.doAs(Subject.java:415) ERROR ERP.REDACTED - at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1284) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.util.FSDownload.call(FSDownload.java:281) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.util.FSDownload.call(FSDownload.java:51) ERROR ERP.REDACTED - at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) ERROR ERP.REDACTED - at java.util.concurrent.FutureTask.run(FutureTask.java:166) ERROR ERP.REDACTED - at java.util.concurrent.Executors$RunnableAdapter.call(Executors.java:471) ERROR ERP.REDACTED - at java.util.concurrent.FutureTask$Sync.innerRun(FutureTask.java:334) ERROR ERP.REDACTED - at java.util.concurrent.FutureTask.run(FutureTask.java:166) ERROR ERP.REDACTED - at java.util.concurrent.ThreadPoolExecutor.runWorker(ThreadPoolExecutor.java:1145) ERROR ERP.REDACTED - at java.util.concurrent.ThreadPoolExecutor$Worker.run(ThreadPoolExecutor.java:615) ERROR ERP.REDACTED - at java.lang.Thread.run(Thread.java:722) ERROR ERP.REDACTED - Caused by: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)] ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Client$Connection$1.run(Client.java:537) ERROR ERP.REDACTED - at java.security.AccessController.doPrivileged(Native Method) ERROR ERP.REDACTED - at javax.security.auth.Subject.doAs(Subject.java:415) ERROR ERP.REDACTED - at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1284) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Client$Connection.handleSaslConnectionFailure(Client.java:501) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:585) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Client$Connection.access$2100(Client.java:207) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Client.getConnection(Client.java:1204) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Client.call(Client.java:1074) ERROR ERP.REDACTED - ... 28 more ERROR ERP.REDACTED - Caused by: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)] ERROR ERP.REDACTED - at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:212) ERROR ERP.REDACTED - at org.apache.hadoop.security.SaslRpcClient.saslConnect(SaslRpcClient.java:140) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Client$Connection.setupSaslConnection(Client.java:409) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Client$Connection.access$1300(Client.java:207) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:578) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Client$Connection$2.run(Client.java:575) ERROR ERP.REDACTED - at java.security.AccessController.doPrivileged(Native Method) ERROR ERP.REDACTED - at javax.security.auth.Subject.doAs(Subject.java:415) ERROR ERP.REDACTED - at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1284) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Client$Connection.setupIOstreams(Client.java:574) ERROR ERP.REDACTED - ... 31 more ERROR ERP.REDACTED - Caused by: GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) ERROR ERP.REDACTED - at sun.security.jgss.krb5.Krb5InitCredential.getInstance(Krb5InitCredential.java:147) ERROR ERP.REDACTED - at sun.security.jgss.krb5.Krb5MechFactory.getCredentialElement(Krb5MechFactory.java:121) ERROR ERP.REDACTED - at sun.security.jgss.krb5.Krb5MechFactory.getMechanismContext(Krb5MechFactory.java:187) ERROR ERP.REDACTED - at sun.security.jgss.GSSManagerImpl.getMechanismContext(GSSManagerImpl.java:223) ERROR ERP.REDACTED - at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:212) ERROR ERP.REDACTED - at sun.security.jgss.GSSContextImpl.initSecContext(GSSContextImpl.java:179) ERROR ERP.REDACTED - at com.sun.security.sasl.gsskerb.GssKrb5Client.evaluateChallenge(GssKrb5Client.java:193) ERROR ERP.REDACTED - ... 40 more ERROR ERP.REDACTED - at LocalTrace: ERROR ERP.REDACTED - org.apache.hadoop.yarn.exceptions.impl.pb.YarnRemoteExceptionPBImpl: Failed on local exception: java.io.IOException: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)]; Host Details : local host is: "node1234.redacted.com/10.123.123.123"; destination host is: ""namenode.redacted.com":8020; ERROR ERP.REDACTED - at org.apache.hadoop.yarn.server.nodemanager.api.protocolrecords.impl.pb.LocalResourceStatusPBImpl.convertFromProtoFormat(LocalResourceStatusPBImpl.java:217) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.server.nodemanager.api.protocolrecords.impl.pb.LocalResourceStatusPBImpl.getException(LocalResourceStatusPBImpl.java:147) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.ResourceLocalizationService$LocalizerRunner.update(ResourceLocalizationService.java:820) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.ResourceLocalizationService$LocalizerTracker.processHeartbeat(ResourceLocalizationService.java:497) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.server.nodemanager.containermanager.localizer.ResourceLocalizationService.heartbeat(ResourceLocalizationService.java:224) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.server.nodemanager.api.impl.pb.service.LocalizationProtocolPBServiceImpl.heartbeat(LocalizationProtocolPBServiceImpl.java:46) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.proto.LocalizationProtocol$LocalizationProtocolService$2.callBlockingMethod(LocalizationProtocol.java:57) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.ipc.ProtoOverHadoopRpcEngine$Server.call(ProtoOverHadoopRpcEngine.java:353) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:1543) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Server$Handler$1.run(Server.java:1539) ERROR ERP.REDACTED - at java.security.AccessController.doPrivileged(Native Method) ERROR ERP.REDACTED - at javax.security.auth.Subject.doAs(Subject.java:415) ERROR ERP.REDACTED - at org.apache.hadoop.security.UserGroupInformation.doAs(UserGroupInformation.java:1284) ERROR ERP.REDACTED - at org.apache.hadoop.ipc.Server$Handler.run(Server.java:1537) ERROR ERP.REDACTED - Caused by: org.apache.hadoop.yarn.exceptions.impl.pb.YarnRemoteExceptionPBImpl: javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt)] ERROR ERP.REDACTED - at org.apache.hadoop.yarn.exceptions.impl.pb.YarnRemoteExceptionPBImpl.getCause(YarnRemoteExceptionPBImpl.java:90) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.exceptions.impl.pb.YarnRemoteExceptionPBImpl.getCause(YarnRemoteExceptionPBImpl.java:28) ERROR ERP.REDACTED - at java.lang.Throwable.printStackTrace(Throwable.java:664) ERROR ERP.REDACTED - at java.lang.Throwable.printStackTrace(Throwable.java:720) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.exceptions.YarnRemoteException.printStackTrace(YarnRemoteException.java:48) ERROR ERP.REDACTED - at org.apache.hadoop.util.StringUtils.stringifyException(StringUtils.java:69) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.server.nodemanager.containermanager.container.ContainerImpl$ResourceFailedTransition.transition(ContainerImpl.java:702) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.server.nodemanager.containermanager.container.ContainerImpl$ResourceFailedTransition.transition(ContainerImpl.java:695) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.state.StateMachineFactory$SingleInternalArc.doTransition(StateMachineFactory.java:359) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.state.StateMachineFactory.doTransition(StateMachineFactory.java:299) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.state.StateMachineFactory.access$300(StateMachineFactory.java:43) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.state.StateMachineFactory$InternalStateMachine.doTransition(StateMachineFactory.java:445) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.server.nodemanager.containermanager.container.ContainerImpl.handle(ContainerImpl.java:828) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.server.nodemanager.containermanager.container.ContainerImpl.handle(ContainerImpl.java:71) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.server.nodemanager.containermanager.ContainerManagerImpl$ContainerEventDispatcher.handle(ContainerManagerImpl.java:556) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.server.nodemanager.containermanager.ContainerManagerImpl$ContainerEventDispatcher.handle(ContainerManagerImpl.java:549) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.event.AsyncDispatcher.dispatch(AsyncDispatcher.java:130) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.event.AsyncDispatcher$1.run(AsyncDispatcher.java:77) ERROR ERP.REDACTED - at java.lang.Thread.run(Thread.java:722) ERROR ERP.REDACTED - Caused by: org.apache.hadoop.yarn.exceptions.impl.pb.YarnRemoteExceptionPBImpl: GSS initiate failed ERROR ERP.REDACTED - at org.apache.hadoop.yarn.exceptions.impl.pb.YarnRemoteExceptionPBImpl.getCause(YarnRemoteExceptionPBImpl.java:90) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.exceptions.impl.pb.YarnRemoteExceptionPBImpl.getCause(YarnRemoteExceptionPBImpl.java:28) ERROR ERP.REDACTED - at java.lang.Throwable.printEnclosedStackTrace(Throwable.java:706) ERROR ERP.REDACTED - at java.lang.Throwable.printStackTrace(Throwable.java:666) ERROR ERP.REDACTED - ... 16 more ERROR ERP.REDACTED - Caused by: org.apache.hadoop.yarn.exceptions.impl.pb.YarnRemoteExceptionPBImpl: No valid credentials provided (Mechanism level: Failed to find any Kerberos tgt) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.exceptions.impl.pb.YarnRemoteExceptionPBImpl.getCause(YarnRemoteExceptionPBImpl.java:90) ERROR ERP.REDACTED - at org.apache.hadoop.yarn.exceptions.impl.pb.YarnRemoteExceptionPBImpl.getCause(YarnRemoteExceptionPBImpl.java:28) ERROR ERP.REDACTED - at java.lang.Throwable.printEnclosedStackTrace(Throwable.java:706) ERROR ERP.REDACTED - at java.lang.Throwable.printEnclosedStackTrace(Throwable.java:708) ERROR ERP.REDACTED - ... 17 more ERROR ERP.REDACTED - .Failing this attempt.. Failing the application.

Ledion_Bitincka · ‎01-29-2014

The root cause of the above problem was a typo in the service principal specification for the resourcemananager principal vix.yarn.resourcemanager.principal = yarn/namenode.redacted.com@REDACTED.COM a change to the generic/wildcard principal specification fixed the issue vix.yarn.resourcemanager.principal = yarn/_HOST@REDACTED.COM

Ledion_Bitincka · ‎01-29-2014

Running into an issue with Hunk against our Kerberized, YARN cluster. The Hunk principal auth works fine, what ends up happening is that a search will kick off, start searching thru events returns some results and previews: but after running over ~1 minute, it dies with: 01-27-2014 18:56:39.021 ERROR ERP.redacted-provider - UserGroupInformation - PriviledgedActionException as:hunk@REDACTED.COM (auth:KERBEROS) cause:javax.security.sasl.SaslException: GSS initiate failed [Caused by GSSException: No valid credentials provided (Mechanism level: Server not found in Kerberos database (7) - UNKNOWN_SERVER)] the following error message is thrown in the UI too [redacted-provider] JobStartException - Failed to start MapReduce job. Please consult search.log for more information. Message: [ Failed to start MapReduce job, name=SPLK_search1.dev.hunk.redacted.com_1390848963.3_0 ] and [ null ] Any pointers would be appreciated

Ledion_Bitincka · ‎01-22-2014

What kind of search are you running from Hunk? You need to run a reporting search in order for Hunk to spawn a MapReduce/Yarn job, e.g. index=MyVix | stats count by source

Ledion_Bitincka · ‎01-10-2014

The root cause of the problem here is that the JVM prints those warnings to stdout, which Hunk uses as a communication channel with the search process - thus breaking the communication protocol. You should be able to disable the warnings thrown by the JVM by adding the following Java options to vix.env.HADOOP_CLIENT_OPTS in the provider: -XX:-PrintWarnings This should disable JVM warnings altogether, or you can redirect them to the stderr instead -XX:+DisplayVMOutputToStderr

Ledion_Bitincka · ‎01-09-2014

Currently Hunk optimizes data access if the data is partitioned and Hunk is properly configured to recognize those partitions. Two types of partitioning exist: (a) time based, this is when the data is structured hierarchically using some time partitioning and (b) field based partitioning. For example if your data is organized as follows /some/path/20140108/server1/... /some/path/20140108/server2/... /some/path/20140109/server1/... /some/path/20140109/server2/... You can configure Hunk to recognize the third segment in the path as the data and the fourth segment as the server field. You can look at the details of how to do that here Currently Hunk does not have the ability to optimize data access based on the file content, because we don't create an index - we just access/process the data in it's raw form. Does this help?

Ledion_Bitincka · ‎01-03-2014

This is similar to this question . You can do what you need by using REPORT in props.conf and transforms.conf to define the extraction rule, e.g. props.conf [sourcetype] ... REPORT-xyz = perfmon-vals transforms.conf [perfmon-vals] REGEX = ,(\d+) MV_ADD = true

Ledion_Bitincka · ‎11-24-2013

Yes, summary indexing is fully supported in Hunk - you can find more info about it here

Posts	313
Solutions	72
Karma Given	53
Karma Received	252
Member Since	‎01-15-2010

Online Status	Offline
Date Last Visited	‎06-05-2020 02:02 AM

How to get Hunk to recognize timestamps with sub-s...

Hunk has problems running MapReduce jobs against E...

ERROR while waiting for MapReduce job to complete ...

Failed to start MapReduce job. Please consult sear...

EMR issues, MapReduce job killed

Hunk search problem: Cannot initialize Cluster.

Issue reading snappy files using Hunk

Exception when running a search in Hunk

Error while running Hunk search: Cannot initialize...

what does connected mean in transaction

Re: Hunk: timerange from filename

Re: BUG: Automatic field extraction is flakey in v...

Re: Anyone ever tried using Hunk with Datastax Ent...

Re: Anyone ever tried using Hunk with Datastax Ent...

Re: Anyone ever tried using Hunk with Datastax Ent...

Re: Anyone ever tried using Hunk with Datastax Ent...

Re: Anyone ever tried using Hunk with Datastax Ent...

Re: Anyone ever tried using Hunk with Datastax Ent...

Re: Anyone ever tried using Hunk with Datastax Ent...

Re: Anyone ever tried using Hunk with Datastax Ent...

Re: Help using multiple sources

Re: Hunk - Conditional Record Format

Re: Hunk - SimpleCSVRecordReader

Re: Hunk - SimpleCSVRecordReader

Re: search hunk virtual index and splunk index in ...

Re: Hadoop Virtual Index - No Results Found

Re: ERROR while waiting for MapReduce job to compl...

ERROR while waiting for MapReduce job to complete ...

Re: Failed to start MapReduce job. Please consult ...

Failed to start MapReduce job. Please consult sear...

Re: Hunk MR jobs doesn't show up on Resource Manag...

Re: Hunk Reports an Error with Apache Hadoop

Re: Filtering events from Hadoop unstructured data

Re: Multivalue Field Extraction issue.

Re: Can I use summary index in Hunk environment fo...

Join the Conversation