Meet Hunk
Hadoop lets you store massive amounts of structured, polystructured and unstructured data. However, extracting value from that data can be a hard and time-consuming task.
Hunk lets you access data in remote Hadoop clusters via virtual indexes and allows you to use the Splunk Processing Language to analyze your data using the full power of Hadoop and NoSQL data stores.
With Hunk you can do the following with your Hadoop or NoSQL data:
- Process large amounts of structured, polystructured and unstructured data.
- Report and visualize large amounts of data.
- Preview report data to fine-tune your search-generating reports.
- Run combined reports on Hadoop data and data from your Splunk Enterprise indexes.
- Use SDKs and apps with Hadoop data.
Due to the nature of how data is stored in Hadoop, there are certain Splunk Enterprise index behaviors that cannot be duplicated:
- Hunk currently doesn't support real-time searching of Hadoop data, although preview functionality and report acceleration are available.
- Since events are not sorted in any particular order, any search command that depends on implicit time order (for example, head, tail, and delta) will exhibit different behavior in Hunk. For more information about how certain timestamp-sensitive commands work with virtual indexes, see "Search a virtual index" in this manual.
- Data is not always returned as quickly as data is returned for a local index.
To set up Hunk to work with your own HDFS data, see "About installing and configuring Hunk."
To learn about configuring and searching data in the Hunk user interface, see "Work in the Hunk user interface."
To learn more about how Hunk works, see "Hunk concepts."
To test drive Hunk on a virtual machine using sample data we provide, see the Tutorial.
This documentation applies to the following versions of Hunk®(Legacy): 6.0, 6.0.1, 6.0.2, 6.0.3