icon/x Created with Sketch.

Splunk Cookie Policy

We use our own and third-party cookies to provide you with a great online experience. We also use these cookies to improve our products and services, support our marketing campaigns, and advertise to you on our website and other websites. Some cookies may continue to collect information after you have left our website. Learn more (including how to update your settings) here.
Accept Cookie Policy

Accept License Agreements

This app is provided by a third party and your right to use the app is in accordance with the license provided by that third-party licensor. Splunk is not responsible for any third-party apps and does not provide any warranty or support. If you have any questions, complaints or claims with respect to this app, please contact the licensor directly.

Thank You

Downloading Shuttl
SHA256 checksum (shuttl_084.tgz) 98dc4524aa2866f9263556ff254d74ebf9a303a00ed8cef108a1a150849a305a SHA256 checksum (shuttl_0831.tgz) 417d01f1424fa280428831a4f65a19f536f556c4d8faa32cbcf63573933f1936 SHA256 checksum (shuttl_081.tgz) 0fa43814a2732a4efe96175de82e5a49889dc02b1c0508dd31d23b3e4847093a SHA256 checksum (shuttl_080.tgz) 7c191411ba20b75a9cb1f8e59acf972ee8caaae93a35a00ef01aa7026d02caa1 SHA256 checksum (shuttl_072.tgz) 0c9b79f7be352e6d5d4d879d68ff44001c5a8d1860298ad1f5938365a74f22e3 SHA256 checksum (shuttl_063.tgz) 5f24c6116f8e06636aac784379b8e62b02d38fa904f0191e58ccb14a6dfc9380 SHA256 checksum (shuttl_062.tgz) e86eec9d67a5fd1550eea6e66b323291ee1e6c995498255015d0f1ad6d862a3c SHA256 checksum (shuttl_0611.tgz) 59ca638e9dc653ccc0041a0c5180fc1bc34e0546fce3cd08a38c7cc5c681368e
To install your download
For instructions specific to your download, click the Details tab after closing this window.

Flag As Inappropriate


Admins: Please read about Splunk Enterprise 8.0 and the Python 2.7 end-of-life changes and impact on apps and upgradeshere.
Big Data archiving and bulk data movement for Splunk. Supports HDFS, NFS, Amazon S3, and Amazon Glacier.

Shuttl provides data archive management for Splunk. It supports backend storage solutions such as: ApacheHDFS, Amazon S3, or NFS attached storage. Shuttl works on the bucket level, and leverages the standard Splunk mechanism for archiving data based on total data size or time expiration. Use of Shuttl eliminates the need for Splunk users to implement their own homegrown solution for bulk-moving data to storage backends.

In addition to Archiving, Shuttl is useful for both compliance needs of data retention, as well as improving performance of Splunk. Shuttl also supports archiving the data in CSV format, and therefore, when data is moved to HDFS, it opens up the data to other tools such as Apache Hive and Hadoop Map Reduce to do further data processing and analysis.

For more information see the following blog articles:

  • <http: blogs.splunk.com="" 2012="" 07="" 02="" shuttl-for-big-data-archiving=""/>
  • <http: blogs.splunk.com="" 2012="" 09="" 04="" unlocking-splunk-data-with-shuttl=""/>

Source code is available here: <https: github.com="" splunk="" splunk-shuttl="">

Quickstart Guide is available here: <https: github.com="" splunk="" splunk-shuttl="" wiki="" quickstart-guide="">

Setup video is available here: <http: www.youtube.com="" watch?v="OP7IYNVR5ms">

For feedback, please email shuttl-dev at splunk.com.

Release Notes

Version 0.8.4
May 9, 2013

Now comes with both coldToFrozen AND warmToCold transfer retries!
This means that all failed transfers/shuttl's will be retried periodically (default every 60 secs), instead of "everytime any bucket is shuttl'ed".

User happiness is expected to go up by 137%!

May 2, 2013

Automatically retries to transfer coldToFrozen failures every 60 secs (configurable)

Version 0.8.1
March 12, 2013

* Fixed bug where if an indexer (which is a search peer) does not have Shuttl installed, the resulting error would result in missing values in the UI.
* Further tests on Hadoop 1.1.1

Version 0.8.0
March 1, 2013

Splunk Shuttl 0.8.0 release is another major milestone release.

The main new feature is distributed Shuttl operations from the Splunk Search Head. This means that all Shuttl operations will operate on the entire cluster, and not on a per-indexer basis.

Actions include:
* Listing of archived buckets
* Thawing of archived buckets
* Flushing of archived buckets

There is no special configuration that needs to be done on the Search Head. Shuttl when installed on a Search Head will query the Search Head for all Search Peers (the Search Peers should all have Shuttl installed of course), and all Shuttl operations will be distributed operations.

Extensive testing has been done for distributed failure scenarios. However, if problems are encountered, please report them ASAP for them to be addressed.

Happy Shuttling!

Version 0.7.2
Jan. 2, 2013

Shuttl version 0.7.2 represents a significant leap in functionality. Thanks to our robust user base for the feature request ideas. Now, Shuttl is easier to setup, supports a new backend (Glacier), reduced archive latency, and full support for the latest Splunk 5.0.

In summary, new features include:

- Amazon Glacier storage! Amazon Glacier is an extremely low-cost storage service that provides secure and durable storage for data archiving and backup.
- Splunk 5.0 Clustering Support. Since Splunk replicates buckets, when archiving, any archiving script will by default get duplicate buckets. Shuttl will dedup buckets and not waste storage space.
- Shuttl now will move data when buckets are moved to cold. This means significantly reduced latency times, and data that is shuttled is also still available for search by Splunk!
- New simpler and easier configuration! and a script to test out backends, to verify the configuration is correct, without going through the whole exercise of indexing data and forcing a bucket roll.

Version 0.6.3
Sept. 12, 2012

* Shuttl tested on CDH3. There is a wirelevel incompatibility with CDH and Apache, so there's documents on how to configure Shuttl to work with CDH3 on the github wiki. https://github.com/splunk/splunk-shuttl/wiki/System-Requirements

* Fix spurious error message when a thaw request is issued while thaw is in progress. No duplicates happen, and all requests are serviced.

* Simplified the failed bucket transfer dashboard.

* When doing thaw operation, the UI can "return" and list a table, before the thaw action completes - Fix is to do thaw operation asynchronously, so the UI returns immediately, while job happens in background.

* Amazon S3 tested, and works with no code change - slight display issue for bucket sizes in the UI, bug filed.

Version 0.6.2
Sept. 7, 2012

* Support for Flushing of Thawed Splunk Buckets via the UI

Known Issues being worked on:
* Quirks in the Thaw request UI
* S3 is not yet tested
* Failed buckets dashboard may report false failures

Sept. 7, 2012


Subscribe Share

AppInspect Tooling

Splunk AppInspect evaluates Splunk apps against a set of Splunk-defined criteria to assess the validity and security of an app package and components.

Are you a developer?

As a Splunkbase app developer, you will have access to all Splunk development resources and receive a 10GB license to build an app that will help solve use cases for customers all over the world. Splunkbase has 1000+ apps and add-ons from Splunk, our partners and our community. Find an app or add-on for most any data source and user need, or simply create your own with help from our developer portal.

Follow Us:
© 2005-2020 Splunk Inc. All rights reserved.
Splunk®, Splunk>®, Listen to Your Data®, The Engine for Machine Data®, Hunk®, Splunk Cloud™, Splunk Light™, SPL™ and Splunk MINT™ are trademarks and registered trademarks of Splunk Inc. in the United States and other countries. All other brand names, product names, or trademarks belong to their respective owners.