Getting Data In

Is there a way to see the source file in Splunk for data indexed from HDFS using a virtual index?

sdaruna
Explorer

Hi,

As part of our work, we need to index configuration files and prepare reports on them for our client. We need to recreate existing reporting framework with Splunk and as part of this, we need to allow users to view specific configuration files as they might compare two different files or perform diff etc.

I would like to see if there is a way to view the whole file in a pop-up window in Splunk search? If there is no way defined, could you please provide me the way to achieve it.?

Tags (4)
0 Karma

MuS
SplunkTrust
SplunkTrust

Hi sdaruna,

I'm not sure if I understand your request completely....there is a way to show the source of search result:

After you ran your search, open the dropdown event menu (find the down arrow next to the event timestamp) and click Show Source from the Event Actions drop down.

alt text

Hope this helps ...

cheers, MuS

0 Karma

sdaruna
Explorer

Hi,

I could not see show source on my events. I am getting data indexed from HDFS using virtual index and i am running on my local trail version. Which on would ve been reason for not finding it.?

0 Karma

MuS
SplunkTrust
SplunkTrust

just search on index=_internal or any other index to try it. I don't have access to a virtual index to test it 😞

0 Karma

sdaruna
Explorer

Hi,

If i used local files, it works. But for the files in hdfs, it does not show the option "Show Source file"

0 Karma
Get Updates on the Splunk Community!

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...

What’s New in Splunk Security Essentials 3.8.0?

Splunk Security Essentials (SSE) is an app that can amplify the power of your existing Splunk Cloud Platform, ...

Let’s Get You Certified – Vegas-Style at .conf24

Are you ready to level up your Splunk game? Then, let’s get you certified live at .conf24 – our annual user ...