Splunk® Enterprise

Splunk Analytics for Hadoop

Acrobat logo Download manual as PDF


Acrobat logo Download topic as PDF

Meet Splunk Analytics for Hadoop

Splunk Analytics for Hadoop reaches End of Life on January 31, 2025.

Hadoop lets you store massive amounts of structured, polystructured and unstructured data, however extracting value from that data can be a challenging and time-consuming task.

Splunk Analytics for Hadoop lets you access data in remote Hadoop clusters via virtual indexes and allows you to use the Splunk Search Processing Language to analyze your data using Hadoop and NoSQL data stores.

  • Process, report, and visualize large amounts of structured, polystructured, and unstructured data.
  • Run combined reports on Hadoop data and data from your Splunk Enterprise indexes.
  • Use SDKs and apps with Hadoop data.

Due to the nature of how data is stored in Hadoop, there are certain Splunk Enterprise index behaviors that cannot be duplicated:

  • Splunk Analytics for Hadoop currently doesn't support real-time search of Hadoop data, although preview functionality and report acceleration is available.
  • Since events are not sorted in any particular order, any search command which depends on implicit time order will exhibit different behavior with Splunk Analytics for Hadoop. (For example: head, tail, delta, etc.) For more information about how certain timestamp-sensitive commands work with virtual indexes, see Search a virtual index in this manual.
  • Data is not always returned as quickly as data is returned for a local index.

To set up Splunk Analytics for Hadoop to work with your own HDFS data, see Install Splunk Analytics for Hadoop.

To learn about configuring and searching data in Splunk Web, see Search and report on virtual index data.

To learn more about how Splunk Analytics for Hadoop works, see Splunk Analytics for Hadoop concepts.

For searching, we also recommend the Splunk Enterprise Search Manual and Search Tutorial.

Last modified on 30 October, 2023
  NEXT
How Splunk Analytics for Hadoop returns reports on Hadoop data

This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.2.0


Was this documentation topic helpful?


You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters