Hunk User Manual

Meet Hunk

Hadoop lets you store massive amounts of structured, polystructured, and unstructured data. Extracting value from that data, however, can be a difficult and time consuming task.

Hunk lets you access data in remote Hadoop clusters through virtual indexes and lets you use the Splunk Search Processing Language to analyze your data.

With Hunk you can do the following with your Hadoop or NoSQL data:

  • Report and visualize large amounts of data.
  • Preview report data to fine-tune your search-generating reports.
  • Accelerate reports to create cache saved-search results in HDFS.
  • Automate access to Apache Hive and other file formats including
    • text files
    • sequence files
    • Record Columnar Files (RCFile)
    • Optimized Row Columnar (ORC) files
    • Parquet columnar files
  • Use pass-through authentication to let users run MapReduce jobs in secured Hadoop clusters.
  • Run combined reports on Hadoop data and data from your Splunk Enterprise indexes.
  • Extend Hunk to NoSQL or other data stores using streaming resource libraries.
  • Use SDKs and apps with Hadoop data.

Because of how data is stored in Hadoop, certain Splunk Enterprise index behaviors cannot be duplicated:

  • Hunk doesn't support real-time searching of Hadoop data, although preview functionality and report acceleration is available.
  • Because large databases, such and Hadoop and NoSQL do not sort events in order, a Splunk Enterprise search command that depends on implicit time and/or order exhibits different behavior in Hunk (for example: head, tail, delta, etc). For information about how certain timestamp-sensitive commands work with virtual indexes, see "Search a virtual index" in this manual.
  • Data is not always returned as quickly as data is returned for a local index.

To set up Hunk to work with your own HDFS data, see "About installing and configuring Hunk."

To learn about configuring and searching data in the Hunk user interface, see "Work in the Hunk user interface."

To learn more about how Hunk works, see "Hunk concepts."

To test drive Hunk on a virtual machine using sample data, see the Tutorial.

Last modified on 27 January, 2016
  What's new for Hunk

This documentation applies to the following versions of Hunk®(Legacy): 6.1, 6.1.1, 6.1.2, 6.1.3, 6.2, 6.2.1, 6.2.2, 6.2.3, 6.2.4, 6.2.5, 6.2.6, 6.2.7, 6.2.8, 6.2.9, 6.2.10, 6.2.11, 6.2.12, 6.2.13, 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.4.11

Was this topic useful?

You must be logged into in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters