All Apps and Add-ons

How to use Splunk for analytics on a huge volume of data?

dipu20
New Member

I have a use case where in we have around 0.5 TB of raw data coming in on daily basis that needs to be analyzed /searched
We have a Splunk Enterprise license , so was thinking to use Splunk for same, by storing this data on file system and then get those files indexed in Splunk. Just wondering if this is an efficient way.

Analysis done so far with other approaches:

1) Using Hunk (Can't go for a licensed solution. hence crossing this )
2) Using Splunk Analytics for Hadoop (I guess its just a new name for HUNK. We still need to get a license for this ?
Also it look like its an Add On so do we still need to purchase it or is it free to download.)
3) Storing data on HDFS and then using Splunk Hadoop Connect to index the hdfs data for searching.

Any suggestions w.r.t to these approaches will be helpful .

Thanks in advance

0 Karma

rdagan_splunk
Splunk Employee
Splunk Employee

Yes Hunk is the older name for Splunk Analytics for Hadoop. They are both licensed the same.
Splunk Analytics for Hadoop is already part of normal Splunk, so you do not need to install any additional Splunk software (you do need Hadoop and Java on the Search Head)
Using Splunk Hadoop Connect will copy the files from HDFS to Splunk indexers. Splunk Analytics for Hadoop will not index the data in Splunk, but will run MR jobs on the Hadoop cluster and will return the results.

0 Karma
Get Updates on the Splunk Community!

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...

What's new in Splunk Cloud Platform 9.1.2312?

Hi Splunky people! We are excited to share the newest updates in Splunk Cloud Platform 9.1.2312! Analysts can ...