Virtual index configuration variables
Splunk Analytics for Hadoop reaches End of Life on January 31, 2025.
When you configure a virtual index, Splunk Analytics for Hadoop automatically sets a number of configuration variables. You can use the preset variables, or you can modify them as needed by editing the index.
- For more information about editing them in the configuration file, see Set up a provider and virtual index in the configuration file.
- For information about editing providers in Splunk Web, see Add or edit a virtual index in the user interface.
- For information about setting provider configuration variables for YARN, see Required configuration variables for YARN.
Setting: | Use it to: |
---|---|
vix.input.[N].path
|
Provide a path in HDFS that contains wildcards and/or ends with ... which specifies the data for this index. Paths ending with "..." will recursively check directories in the path for data. |
vix.input.[N].accept
|
Determine the regex that files/paths should match. |
vix.input.[N].ignore
|
Determines the regex that excludes files/paths. These values take precedence over vix.input.[N].accept values.
|
Variables for extracting earliest/latest timebounds based from the path (earliest time):
Setting: | Use it to: |
---|---|
vix.input.[N].et.regex
|
Determine a regex to extract time components. All capturing groups are concatenated and interpreted using format provided in the next row. |
vix.input.[N].et.format
|
Provide the date/time format to use when interpreting the string built with the above regex. This value can be set to "epoch" to interpret the time as seconds. For more information on the format, see here |
vix.input.[N].et.value
|
epoch time in milliseconds:
|
vix.input.[N].et.offset
|
Set the amount of time (in seconds) to add to the resulting time. |
vix.input.[N].et.timezone
|
Determine the timezone in which to interpret the extracted time. E.g. "America/Los_Angeles" or "GMT-8:00" more info |
Variables for extracting earliest/latest timebounds based from the path (latest time):
Setting: | Use it to: |
---|---|
vix.input.[N].lt.regex
|
Determine the regex to extract time components. All capturing groups are concatenated and interpreted using format: |
vix.input.[N].lt.format
|
Determine the date/time format for interpreting the string built with the above regex. Can be set to "epoch" to interpret the time as seconds. For more info on the format see here |
vix.input.[N].lt.value
|
epoch time in milliseconds:
|
vix.input.[N].lt.offset
|
Set the amount of time (in seconds) to add to the resulting time. |
vix.input.[N].lt.timezone
|
To set the timezone in which to interpret the extracted time. E.g. "America/Los_Angeles" or "GMT-8:00" more info |
Provider Configuration Variables | Virtual archive index configuration variables |
This documentation applies to the following versions of Splunk® Enterprise: 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.0.6, 7.0.7, 7.0.8, 7.0.9, 7.0.10, 7.0.11, 7.0.13, 7.1.0, 7.1.1, 7.1.2, 7.1.3, 7.1.4, 7.1.5, 7.1.6, 7.1.7, 7.1.8, 7.1.9, 7.1.10, 7.2.0, 7.2.1, 7.2.2, 7.2.3, 7.2.4, 7.2.5, 7.2.6, 7.2.7, 7.2.8, 7.2.9, 7.2.10, 7.3.0, 7.3.1, 7.3.2, 7.3.3, 7.3.4, 7.3.5, 7.3.6, 7.3.7, 7.3.8, 7.3.9, 8.0.0, 8.0.1, 8.0.2, 8.0.3, 8.0.4, 8.0.5, 8.0.6, 8.0.7, 8.0.8, 8.0.9, 8.0.10, 8.1.0, 8.1.1, 8.1.2, 8.1.3, 8.1.4, 8.1.5, 8.1.6, 8.1.7, 8.1.8, 8.1.9, 8.1.10, 8.1.11, 8.1.12, 8.1.13, 8.1.14, 8.2.0, 8.2.1, 8.2.2, 8.2.3, 8.2.4, 8.2.5, 8.2.6, 8.2.7, 8.2.8, 8.2.9, 8.2.10, 8.2.11, 8.2.12, 9.0.0, 9.0.1, 9.0.2, 9.0.3, 9.0.4, 9.0.5, 9.0.6, 9.0.7, 9.0.8, 9.0.9, 9.0.10, 9.1.0, 9.1.1, 9.1.2, 9.1.3, 9.1.4, 9.1.5, 9.1.6, 9.1.7, 9.2.0, 9.2.1, 9.2.2, 9.2.3, 9.2.4, 9.3.0, 9.3.1, 9.3.2
Feedback submitted, thanks!