I just recently attended the Splunk “BIG Data Bootcamp” in Chicago. This class was pretty amazing. We learned how Splunk uses Hunk to search Hadoop data that is sitting on a Hadoop distribution of your choice.
If you would like to install this on your laptop and play around with Hunk, I have attached the lab guide for you to use as a reference.
Here’s what you’ll need to get started.
Download these files to start your lab and install them on your laptop:
- Oracle Virtual Box = https://www.virtualbox.org/wiki/Downloads
- Hortonworks Sandbox 2.4 for VBox = http://hortonworks.com/downloads/
- Hunk 6.4 = https://www.splunk.com/en_us/download/hunk.html
A couple of very good videos that help you understand Kibana, which you will need to understand.
- 3.5 mins: Data Discovery in Kibana 4 https://youtu.be/1gnpzL9jBqY
- 3.5 mins: Timeline: Time Series Analytics for Kibana https://youtu.be/-sgZdW5k7eQ
One thing we did is spend a TON of time on ELK (now known as Elasticsearch). Don’t call it ELK anymore. NOW KNOWN as “Elasticsearch”.
They really keyed in on a lot of the technical weaknesses of Elasticsearch as it compares to Splunk. I look to have more competitive information on this in a little while.
- Objectives: Covering ElasticStack
- Confidence – Know what they are pushing.
- Learn the “Truth” as we know it. How does Splunk do those things?
- Win or Lose – What makes the difference?
- Learn to run the build vs buy workshop (This is huge when competing against Elasticsearch)
- Understand the Elastic Stack, and the “devil in the Details”
- Understand the TCO Model’s critical details
- Handling Open Source Champions
Why are you looking at Elastic Stack? Ask the customer that question. They will typically come back with: it’s FREE and open source.
The biggest thing you all need to understand about Elastic Stack is that they have 1000+ source types, and each of those source types has 15 different data formats.
By contrast, when you ingest data with Splunk, it creates a list of interesting fields based on those source types. (Schema on the fly for Splunk; don’t take that for granted.)
In Elasticsearch, you have to manually create those fields for every source type and data format you are trying to gain insight into. It’s not automatic.
If you have hundreds of source types and each of those types has 15 data formats, that’s months and months’ worth of work just to get set up. You’re still not searching anything. (Fast time to value with Splunk!!)
Here’s what we covered in the bootcamp.
1. Hunk Sales Overview
2. Hunk Technical Overview
• Lab 1: Setup Hunk with Yarn
3. Hive and Hunk
• Lab 2: Setup Hunk with Hive
4. Hunk Troubleshooting
5. Under the Hood: Architecture & Search Processing
6. Hunk Performance Best Practices
• Lab 3: Configure HDFS date-time extraction, Hunk Report Acceleration
7. Data Model Acceleration
• Lab 4: Hunk DMA
8. Hunk and Security
9. Hunk Archiving
• Lab 5: Hunk Archiving, Unified Search, Bucket Reader
10. Hunk with EMR
11. ERP with Hunk (MongoDB and Cassandra)
• Lab 6: Hunk app for MongoDB
• Lab 7 (Extra Credit): Kafka Add-On Messages Payload
12. Big Data Bootcamp Assessment REAL TEST IS NO JOKE!
HUNK in a Nutshell – Several different products in the HUNK/Hadoop family for Splunk.
Hunk Vs. Enterprise Splunk.
LOVE this had to share. WHAT REALLY is HUNK???
Your Well-Shorn Friend,