Splunk® Enterprise

Splunk Analytics for Hadoop


Splunk Enterprise version 7.1 is no longer supported as of October 31, 2020. See the Splunk Software Support Policy for details. For information about upgrading to a supported version, see How to upgrade Splunk Enterprise.

Set up your search head instance

Once you have installed Splunk and licensed Splunk Analytics for Hadoop, you must configure a search head to support the providers and virtual indexes you will add later.

See Set up a provider and virtual index for more information about configuring providers and virtual indexes.

1. Keep a copy of the .tgz version of Splunk on your search head (you need this package even after installing it on the search head).

During the first virtual index search, Splunk Analytics for Hadoop copies this package to HDFS, then extracts it onto every TaskTracker node that participates in the search. The extracted package is used to process search results in Hadoop.

If you have already installed a Linux version of Splunk Enterprise using a download other than the .tgz, download a copy of the splunk_package.tgz file to install on your search head.

2. If you have not done so already, install Java on the search head. You'll need this to access the Hadoop cluster.

3. Install the Hadoop client libraries on your search head. The client libraries must be the same version as your Hadoop cluster. For instructions on how to download and install the Hadoop client libraries, as well as the JDK, see Install Hadoop CLI in the Hadoop Connect manual.
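
A preflight check covering the three steps above, as an added example that is not part of the Splunk documentation. The script name, the package path and the cluster version are operator-supplied assumptions; the version is read from the first line of `hadoop version` output, which has the form "Hadoop <version>".

```shell
#!/bin/sh
# Added example: preflight check for the search head prerequisites (steps 1-3).
# The package path and the cluster version are operator-supplied assumptions.

# Step 1: the retained package must be a non-empty, readable gzip tar archive.
check_package() {
    [ -s "$1" ] && tar -tzf "$1" >/dev/null 2>&1
}

# Extract the version token from the first line of `hadoop version` output,
# which has the form "Hadoop <version>".
parse_hadoop_version() {
    printf '%s\n' "$1" | sed -n '1s/^Hadoop \([^ ]*\).*/\1/p'
}

# Step 3: the client library version must equal the cluster version exactly.
check_hadoop_match() {
    client=$(parse_hadoop_version "$1")
    [ -n "$client" ] && [ "$client" = "$2" ]
}

# Run all checks; report every failure rather than stopping at the first.
preflight() {
    pkg=$1 cluster_version=$2 rc=0
    check_package "$pkg" || { echo "FAIL: $pkg missing or not a valid .tgz"; rc=1; }
    # Step 2: Java must be installed on the search head.
    command -v java >/dev/null 2>&1 || { echo "FAIL: java not on PATH"; rc=1; }
    if command -v hadoop >/dev/null 2>&1; then
        check_hadoop_match "$(hadoop version 2>/dev/null)" "$cluster_version" ||
            { echo "FAIL: Hadoop client version differs from cluster ($cluster_version)"; rc=1; }
    else
        echo "FAIL: hadoop client not on PATH"; rc=1
    fi
    [ "$rc" -eq 0 ] && echo "OK: search head prerequisites met"
    return "$rc"
}

# Usage (hypothetical script name): preflight.sh /path/to/splunk_package.tgz <cluster Hadoop version>
if [ "$#" -eq 2 ]; then
    preflight "$1" "$2" || exit 1
fi
```

The version comparison is an exact string match, so a vendor-suffixed cluster version must be passed with its suffix.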

Last modified on 12 September, 2016

This documentation applies to the following versions of Splunk® Enterprise: 6.5.0, 6.5.1, 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.5.10, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 6.6.10, 6.6.11, 6.6.12, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.1.0, 8.1.1
