Splunk® Enterprise

Splunk Analytics for Hadoop

Acrobat logo Download manual as PDF

Splunk Enterprise version 7.0 is no longer supported as of October 23, 2019. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.
Acrobat logo Download topic as PDF

Configure Kerberos authentication

To configure Kerberos authentication, add the following lines to the relevant provider stanza in indexes.conf:

vix.hadoop.security.authentication = kerberos
vix.java.security.krb5.kdc = <kerberos server name>
vix.java.security.krb5.realm = <kerberos default realm>
vix.kerberos.principal = <kerberos principal name of the user you want Splunk Analytics for Hadoop to interact with Hadoop, for example: SAH@YOUR-REALM.COM>
vix.kerberos.keytab = <kerberos keytab path, i.e., /path/yourdir.keytab>
vix.hadoop.security.authorization = <hadoop security authorization true/false>
vix.dfs.namenode.kerberos.principal = <hadoop namenode kerberos principal name, i.e., hdfs/_HOST@YOUR-REALM.COM>
vix.mapreduce.jobtracker.kerberos.principal = <the hadoop jobtracker kerberos principal name, i.e., mapred/_HOST@YOUR-REALM.COM>
vix.hadoop.security.auth_to_local = <the mapping from Kerberos principals to short names (optional)>
vix.mapred.job.reuse.jvm.num.tasks = 1 

Note: Setting vix.mapred.job.reuse.jvm.num.tasks = 1 lets you avoid ENOENT task failures (detailed here: https://issues.apache.org/jira/browse/MAPREDUCE-4490).

If you are using YARN, you must also add the following property to the provider stanza:

vix.yarn.resourcemanager.principal = yarn/_HOST@YOUR-REALM.COM
vix.yarn.nodemanager.principal = yarn/_HOST@YOUR-REALM.COM
# kerberos with Hive
vix.hive.metastore.sasl.enabled = <true|false> 
vix.hive.metastore.kerberos.principal = <service principal for the metastore thrift server>

If you are preprocessing Hive via a metastore, vix.hive.metastore.sasl.enabled must be set to "true".

Last modified on 09 September, 2016
PREVIOUS
Add or edit a virtual index in Splunk Web
  NEXT
About pass-through authentication

This documentation applies to the following versions of Splunk® Enterprise: 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.1.0


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters