Splunk® Enterprise

Splunk Analytics for Hadoop

Splunk Enterprise version 7.0 is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Configure Kerberos authentication

Splunk Analytics for Hadoop reaches End of Life on January 31, 2025.

To configure Kerberos authentication, add the following lines to the relevant provider stanza in indexes.conf:

vix.hadoop.security.authentication = kerberos
vix.java.security.krb5.kdc = <kerberos server name>
vix.java.security.krb5.realm = <kerberos default realm>
vix.kerberos.principal = <kerberos principal name of the user you want Splunk Analytics for Hadoop to interact with Hadoop, for example: SAH@YOUR-REALM.COM>
vix.kerberos.keytab = <kerberos keytab path, i.e., /path/yourdir.keytab>
vix.hadoop.security.authorization = <hadoop security authorization true/false>
vix.dfs.namenode.kerberos.principal = <hadoop namenode kerberos principal name, i.e., hdfs/_HOST@YOUR-REALM.COM>
vix.mapreduce.jobtracker.kerberos.principal = <the hadoop jobtracker kerberos principal name, i.e., mapred/_HOST@YOUR-REALM.COM>
vix.hadoop.security.auth_to_local = <the mapping from Kerberos principals to short names (optional)>
vix.mapred.job.reuse.jvm.num.tasks = 1 

Note: Setting vix.mapred.job.reuse.jvm.num.tasks = 1 lets you avoid ENOENT task failures (detailed here: https://issues.apache.org/jira/browse/MAPREDUCE-4490).

If you are using YARN, you must also add the following property to the provider stanza:

vix.yarn.resourcemanager.principal = yarn/_HOST@YOUR-REALM.COM
vix.yarn.nodemanager.principal = yarn/_HOST@YOUR-REALM.COM
# kerberos with Hive
vix.hive.metastore.sasl.enabled = <true|false> 
vix.hive.metastore.kerberos.principal = <service principal for the metastore thrift server>

If you are preprocessing Hive via a metastore, vix.hive.metastore.sasl.enabled must be set to "true".

Last modified on 30 October, 2023
Add or edit a virtual index in Splunk Web   About pass-through authentication

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.3.0, 9.3.1


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters