Explore HDFS or a mounted file system
For on-demand search and visualization of data in in your Hadoop directories, use the Explore page to explore the Hadoop clusters or mounted file systems you have mapped to the Splunk platform, and to view the details of export jobs. For information about mapping HDFS clusters or mounted file systems, see "Configure Splunk Hadoop Connect" in this manual.
The Explore functionality lets you dig into your HDFS directories and files in detail, all the way down to the file property level for a variety of file types. Use the information to preview and determine the files you want to index into Splunk Enterprise and read them at search time.
You can use the ability to read data at search time as a way to visualize the results of analytics that you generated in Hadoop. For example, you can read the results of a MapReduce job that ran in Hadoop and display them in a dashboard, maybe next to a few panels that are populated with searches. Data you explore and search from Hadoop in this manner is not indexed and index-time logic is not applied to this data.
Use HDFS Explore
Select the location of the directories you want to explore. Use the drop-down menu to select from existing configured locations or type the location into the Go To field.
When you provide a location, the directories residing at that location appear in the table. Click the directories that appear for each location to drill down through additional directory layers until you get to the file level.
When you drill down to the file level, the Search link appears. Click Search to explore the contents of that file. The contents of the file are read at search time, not indexed.
Click Add as data input for a file or directory to index the contents.
See "Import from HDFS" for information about adding an input.
Note: You can only add HDFS clusters to Hadoop Connect as input. Add your mounted file system to the Splunk platform as regular input. Clicking "Add as data input" for a local file system takes you to the Splunk input page.
Export to HDFS or a mounted file system
Import from HDFS
This documentation applies to the following versions of Splunk® Hadoop Connect: 1.2, 1.2.1, 1.2.2, 1.2.3, 1.2.4, 1.2.5