Hunk®(Legacy)

Hunk User Manual

Download manual as PDF

Download topic as PDF

Add or edit a virtual index in the user interface

You can also add HDFS providers and virtual indexes by editing indexes.conf. See "Set up a virtual index" in this manual for instructions on setting up virtual indexes in the configuration file.

1. Select Settings > Virtual Indexes.

VIMenu.png

2. Click the Virtual Indexes tab and click New Virtual Index or click the name of the index you want to edit.

VirtualIndexes.png

The New/Edit Virtual Index page appears:

NewVirtualIndex.png

3. In the Name field, provide a name for your virtual index.

4. Select a Provider. To add a new provider, see Add an HDFS provider.

5. Provide the following path information:

  • Path to data in HDFS: This is the path to the data that Hunk will be accessing and reporting on. For example:

/home/data/apache/logs/

  • Recursively process the directory: Check this if you want Hunk to (recursively) include the content of sub directories.
  • Whitelist: Provide a regex that matches the file path. You can specify regular expressions to filter in/out files (based on the full path) that should/not be considered part of the virtual index. A common use case for using it is to ignore temporary files, or files that are currently being written to. Keep in mind that ignore takes precedence over accept. For example: \.gz$

6. Check Customize timestamp format to open the controls that allow you to customize how data is collected based on timestamp information. Use simple date format to optionally customize the following:

  • Time capturing Regex: Provide a regex that determines the earliest date/time that will be collected and processed based on timestamp. For example: /home/data/(\d+)/(\d+)/
  • Time Format: For the earliest time above, provide a time format that describes how to interpret the extracted time string. For example: yyyyMMddHH
  • Time Adjustment: Amount of time, in seconds, to add to the earliest time. Example (+7hrs): 25200
  • Time Range: Provide a time range for which the index should collect data.
  • Time Zone: Select your time zone.
PREVIOUS
Add or edit an HDFS provider in the user interface
  NEXT
Set up virtual indexes for archived Hadoop files

This documentation applies to the following versions of Hunk®(Legacy): 6.0, 6.0.1, 6.0.2, 6.0.3, 6.1, 6.1.1, 6.1.2, 6.1.3, 6.2, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters