Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for
- About billfriese
billfriese
Explorer
Member since:
01-03-2014
06-05-2020
Community Statistics
| Posts | 7 |
| Solutions | 0 |
| Karma Given | 0 |
| Karma Received | 1 |
| Member Since | 01-03-2014 |
Activity Feed
- Got Karma for Re: Error configuring Hadoop Connect on Windows.. 06-05-2020 12:46 AM
- Posted Re: Missing interesting fields in the Search & Reporting screen on Splunk Search. 02-26-2014 08:35 AM
- Posted Re: Error configuring Hadoop Connect on Windows. on Getting Data In. 02-19-2014 02:19 PM
- Posted Error configuring Hadoop Connect on Windows. on Getting Data In. 02-19-2014 01:49 PM
- Tagged Error configuring Hadoop Connect on Windows. on Getting Data In. 02-19-2014 01:49 PM
- Tagged Error configuring Hadoop Connect on Windows. on Getting Data In. 02-19-2014 01:49 PM
- Tagged Error configuring Hadoop Connect on Windows. on Getting Data In. 02-19-2014 01:49 PM
- Tagged Error configuring Hadoop Connect on Windows. on Getting Data In. 02-19-2014 01:49 PM
- Posted Re: Missing interesting fields in the Search & Reporting screen on Splunk Search. 01-29-2014 12:50 PM
- Posted Re: Missing interesting fields in the Search & Reporting screen on Splunk Search. 01-27-2014 01:42 PM
- Posted Re: Missing interesting fields in the Search & Reporting screen on Splunk Search. 01-27-2014 12:34 PM
- Posted Missing interesting fields in the Search & Reporting screen on Splunk Search. 01-27-2014 10:31 AM
- Tagged Missing interesting fields in the Search & Reporting screen on Splunk Search. 01-27-2014 10:31 AM
- Tagged Missing interesting fields in the Search & Reporting screen on Splunk Search. 01-27-2014 10:31 AM
- Tagged Missing interesting fields in the Search & Reporting screen on Splunk Search. 01-27-2014 10:31 AM
- Tagged Missing interesting fields in the Search & Reporting screen on Splunk Search. 01-27-2014 10:31 AM
Topics I've Started
| Subject | Karma | Author | Latest Post |
|---|---|---|---|
| 0 | |||
| 0 |
02-26-2014
08:35 AM
I am still working on this problem. I find that Splunk does process the headers if Splunk imports the files locally. But if the file is from HDFS, the headers are not processed. Is this what I am to expect?
... View more
02-19-2014
02:19 PM
1 Karma
I did as instructed.
UDFS URI: 192.168.195.130:8020
HADOOP_HOME: C:\hdp\hadoop-2.2.0.2.0.6.0-0009
JAVA_HOME: C:\java\jdk1.6.0_31
Namenode HTTP Port: 50070
The above directories are correct for I tested them in a Command Prompt and the HDFS URI is correct for the following works:
hadoop fs -ls hdfs://192.168.195.130:8020/
The entire error response I am receiving is:
Unable to connect to Hadoop cluster 'hdfs://192.168.195.130:8020/' with principal 'None': Invalid JAVA_HOME. Cannot find Java command under bin directory JAVA_HOME='C:\java\jdk1.6.0_31'..
What should I do to fix this error?
... View more
02-19-2014
01:49 PM
I installed HortonWorks and the latest version of Splunk on the same Windows 2008 Server VMWare machine. Within Splunk Web, I installed the latest Hadoop Connect for Windows. When I add a new HDFS Cluster, it is telling me that it "Cannot find Java command under bin directory JAVA_HOME='C:\java\jdk1.6.0_31\'. I know this is the correct directory for I can navigate to that directory on that machine and that directory does have a 'bin' directory with all the java executables. I also tried to reformat the JAVA_HOME entry field to be any of the following:
C:\java\jdk1.6.0_31
\java\jdk1.6.0_31
\java\jdk1.6.0_31\
C:/java/jdk1.6.0_31/
C:/java/jdk1.6.0_31
/java/jdk1.6.0_31
or
/java/jdk1.6.0_31/
and it still gives the same error.
What am I to enter to make this work?
Thanks, Bill.
... View more
01-29-2014
12:50 PM
I just checked the Hadoop inputs.conf file and its contents all looks accurate including the "sourcetype". The file only contains the following:
[hdfs://192.168.56.102:9000/WeatherStationInfo/]
index = weather
sourcetype = weatherInfo
whitelist = *.txt
... View more
01-27-2014
01:42 PM
I just made Splunk index only one of the files that I made local to Splunk using the same settings I used for the other source and Splunk successfully provided the list of fields in the csv file. Could this be a problem when using Hadoop?
My next test will be to index the files found in a local directory to Splunk.
... View more
01-27-2014
12:34 PM
I did as you suggested but it is still failing to list any of the fields in the csv files. The /opt/splunk/etc/system/local/props.conf now contains:
[weatherInfo]
INDEXED_EXTRACTIONS = csv
KV_MODE = none
NO_BINARY_CHECK = 1
SHOULD_LINEMERGE = false
TIME_FORMAT = %Y-%m-%d %H:%M:%S pulldown_type = 1
CHECK_FOR_HEADERS = true
To force Splunk to re-index the files, I cleaned all Splunk events by executing the "./splunk clean eventdata" command. I then renamed all the files in the 192.168.56.102:9000/WeatherStationInfo/ directory so that Splunk will reprocess the files.
... View more
01-27-2014
10:31 AM
When I use the Splunk's Search & Reporting screen, it does not list any of the Interesting fields that are in the csv files it indexed.
I added a Hadoop Connect input and is configured as:
Resource name: 192.168.56.102:9000/WeatherStationInfo/
White list regex: *.txt
Set the source type: Manual
Source type: weatherInfo
Host field value: splunk
Index: weather
/opt/splunk/etc/system/local/props.conf contains:
[weatherInfo]
INDEXED_EXTRACTIONS = csv
KV_MODE = none
NO_BINARY_CHECK = 1
SHOULD_LINEMERGE = false
TIME_FORMAT = %Y-%m-%d %H:%M:%S
pulldown_type = 1
One of the files Splunk indexed was:
Time,TemperatureF,DewpointF,PressureIn,WindDirection,WindDirectionDegrees,WindSpeedMPH,WindSpeedGustMPH,Humidity,HourlyPrecipIn,Conditions,Clouds,dailyrainin,SolarRadiationWatts/m^2,SoftwareType,DateUTC
2014-01-01 00:00:00,45.2,24.4,30.16,ENE,71,1.0,4.0,44,0.00,,,0.00,0.0,WUHU216DAVISVP2,2014-01-01 08:00:00,
2014-01-01 00:05:00,45.3,24.0,30.16,ENE,65,2.0,4.0,43,0.00,,,0.00,0.0,WUHU216DAVISVP2,2014-01-01 08:05:00,
2014-01-01 00:10:00,45.6,24.2,30.16,ENE,65,2.0,4.0,43,0.00,,,0.00,0.0,WUHU216DAVISVP2,2014-01-01 08:10:00,
...
The fields listed on the first line, such as TemperatureF, are not listed as one of the Interesting fields and I cannot use them to search. Where am I doing wrong?
Thanks, Bill.
... View more
Contact Me
| Online Status |
Offline
|
| Date Last Visited |
06-05-2020
02:03 AM
|
