Configure monitor inputs for the Splunk Add-on for Kafka
To monitor log files from your Kafka clusters, you need to have a forwarder or single instance of Splunk Enterprise installed directly on your Kafka machines.
If you use a heavy forwarder or single instance Splunk Enterprise, you can use Splunk Web to create monitor inputs. Otherwise, configure your inputs using a local/inputs.conf.
Configure monitoring through Splunk Web
Configure a file monitoring input on each Kafka machine.
- Log into Splunk Web.
- Select Settings > Data inputs > Files & directories.
- Click New.
- Click Browse next to the File or Directory field.
- Browse to or type the path to the log files generated by the Kafka server and click Next.
- Leave Sourcetype set to Automatic. The add-on assigns the correct source type based on the log file.
- Click Review.
- After you review the information, click Submit.
- Verify that the Splunk platform is receiving the log files by using the following search command.
sourcetype=kafka:*Log
Configure monitoring through inputs.conf
You can create an inputs.conf file and configure the monitor inputs in this file instead of using Splunk Web.
- Using a text editor, create a file named
inputs.confin the$SPLUNK_HOME/etc/apps/Splunk_TA_kafka/localfolder. - Add the following stanza. Do not include a source type, as the add-on assigns the correct source type automatically.
[monitor:///<path_to_your_log_files>] disabled = 0
- Replace <path_to_your_log_files> with the correct path. By default, it is
$KAFKA_HOME/logs. For example,var/apps/kafka/logs. - Save the file.
- Restart the data collection node.
- Verify that the Splunk platform is receiving the log files by using the following search command.
sourcetype=kafka:*Log
Last modified on 01 June, 2018
| Inputs for the Splunk Add-on for Kafka | Configure JMX inputs for the Splunk Add-on for Kafka |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Download manual
Feedback submitted, thanks!