Source types for the Splunk Add-on for Kafka
The Splunk Add-on for Kafka provides the index-time and search-time knowledge for Kafka logs, performance metrics, and raw events in the following formats.
| Data source | Source type | Description | Timestamp method | CIM compatibility |
|---|---|---|---|---|
| Kafka topic messages collected through a modular input | kafka:topicEvent
|
Kafka topic payload data | If available, timestamp is extracted from event raw data. Otherwise it is based on data index time. | None |
| Log files collected by monitoring files directly on Kafka servers. | kafka:controllerLog
|
Kafka controller logs | Timestamp extracted from log files | None |
kafka:serverLog
|
Kafka server logs | |||
kafka:stateChangeLog
|
The state change log of server | |||
kafka:requestLog
|
The client requests log | |||
kafka:logCleanerLog
|
Kafka server log cleaner service log | |||
kafka:zookeeperLog
|
Zookeeper service log | |||
kafka:serverGCLog
|
Kafka server garbage collection log | |||
| Performance data collected via the Splunk Add-on for JMX | kafka:clusterStats
|
Kafka cluster status | Timestamp is based on the index time | None |
kafka:common
|
Kafka version, basic configuration, etc. | None | ||
kafka:controllerStats
|
Kafka controller status | None | ||
kafka:logStats
|
The log status in Kafka | Performance | ||
kafka:networkStats
|
Network status in Kafka | Performance | ||
kafka:serverStats
|
Kafka server status | Application State, Change Analysis, Performance |
Last modified on 24 April, 2018
| About the Splunk Add-on for Kafka | Release notes for the Splunk Add-on for Kafka |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!