Hunk®(Legacy)

Hunk User Manual

Acrobat logo Download manual as PDF


This documentation does not apply to the most recent version of Hunk®(Legacy). For documentation on the most recent version, go to the latest release.
Acrobat logo Download topic as PDF

FAQ

Q. Can you search Splunk indexes and Hadoop in the same query?

A. Yes! In order to do this, you install Splunk and add two licenses: one for Hunk and one for Splunk Enterprise.


Q. Are all the new Splunk Enterprise 6.0 reporting tools/functions available when searching Hadoop?

A. Yes, with a few exceptions. A few commands (transaction & localize) that rely on event time order do not work. For information about search command behavior specific to Hunk, see Search a virtual index.


Q. What is the overhead on the Hadoop infrastructure to deploy from Splunk?

A. Minimal! You just need enough local disk to store the Splunk deployment and temporary disk usage needs. 5GB of local storage would more than meet your needs. There are no agents running. Hunk only executes processes on Hadoop as part of the MapReduce job and leaves no running processes behind.


Q. What happens to the virtual index after a report is complete?

A. Nothing. The virtual index waits, retaining the settings and information exactly as you configured it, ready for the next report you run.


Q. Does summary indexing work with Hunk?

A. Yes traditional summary indexing and tscollect are supported in Hunk.


Q. Is there a limit to the number of results that can be returned from an HDFS directory?

A. No.


Q. How does this affect ingest rates for licensing purposes?

A. It doesn't! Hunk processes data that is already in Hadoop, so you are not processing data in Splunk. Hunk pricing is not based on data the way it is in Splunk. For more information about pricing and licensing, see your sales representative.


Q. Where does the reduce phase/function execute?

A. In the search head.


Q. Which Hadoop distributions will work with Hunk?

A. All Apache Hadoop-based distributions, including Cloudera and Hortonworks, as well as MapR. For more information about system requirements for Hunk, see System and software requirements.


Q. Do you need a Splunk Enterprise license to run Hunk?

A. Hunk is a separate product and has its own license. You'll need a Splunk Enterprise license only if you want to run searches against Splunk Enterprise indexers.


Q. Can I use Hunk and Splunk together?

A. Absolutely. You can install both licenses on an installation of Splunk 6.0 build to analyze and compare data on local and virtual indexes.


Q. I'd like to give Hunk a spin, how can I get a copy to play with?

A: Download it! Splunk/Hunk downloads come with a "Trial" license which allows Hunk and Splunk Enterprise features for 60 days. After that, if you still want to use it, you'll need to contact a sales representative and purchase the full license.

Q. Why would I move data from Hadoop to Splunk?

A. Most likely, you wouldn't. Moving data is an expensive proposition, which is why we developed Hunk. The only reason you might move data in an HDFS directory into a local Splunk index is if you need to do needle-in-haystack type searches.


Q. Can you analyze data when some data is in Splunk and some in Hadoop?

A. Yes, you can analyze and correlate data that resides in different Hadoop clusters. You'll need both licenses: Hunk and Splunk Enterprise.


Q. Can I configure a Splunk search head to connect to Hadoop/Hunk?

A. No, you will need a license for Hunk and a search head configured specifically to work with virtual indexes.

Last modified on 13 May, 2014
PREVIOUS
How Splunk returns reports on Hadoop data 		  NEXT
Learn more and get help

This documentation applies to the following versions of Hunk®(Legacy): 6.0, 6.0.1, 6.0.2, 6.0.3

Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters