I am fairly new to the Splunk Hadoop Connect App. I have installed it on Splunk Enterprise on Ubuntu (16.04). I am also using Apache Hadoop 2.8.1 in my environment to save data. I am able to connect, export, import and explore data from the Splunk Hadoop Connect App successfully.
During scheduled exports to Hadoop, I observed that field names/column names are not included in the file saved on Hadoop. For example, I exported a search result (output format - CSV) to Hadoop. When I open the output file (saved on Hadoop), the file has the required data but the field names/column names are missing. I was expecting the first line of the output file to have field names (e.g. SourceIP, SourcePort, DestinationIP, DestinationPort etc.).
Is this expectation wrong? If yes, is there a way the field names can be exported during export as well (from the Splunk Hadoop Connect App or any other way)?
Note: I tried exporting in XML and RAW format as well, but in each case field names are missing from the output file.