Splunk® Supported Add-ons

Splunk Add-on for Kafka

Download manual as PDF

Download topic as PDF

Configure monitor inputs for the Splunk Add-on for Kafka

To monitor log files from your Kafka clusters, you need to have a forwarder or single instance of Splunk Enterprise installed directly on your Kafka machines.

If you use a heavy forwarder or single instance Splunk Enterprise, you can use Splunk Web to create monitor inputs. Otherwise, configure your inputs using a local/inputs.conf.

Configure monitoring through Splunk Web

Configure a file monitoring input on each Kafka machine.

  1. Log into Splunk Web.
  2. Select Settings > Data inputs > Files & directories.
  3. Click New.
  4. Click Browse next to the File or Directory field.
  5. Browse to or type the path to the log files generated by the Kafka server and click Next.
  6. Leave Sourcetype set to Automatic. The add-on assigns the correct source type based on the log file.
  7. Click Review.
  8. After you review the information, click Submit.
  9. Verify that the Splunk platform is receiving the log files by using the following search command.

sourcetype=kafka:*Log

Configure monitoring through inputs.conf

You can create an inputs.conf file and configure the monitor inputs in this file instead of using Splunk Web.

  1. Using a text editor, create a file named inputs.conf in the $SPLUNK_HOME/etc/apps/Splunk_TA_kafka/local folder.
  2. Add the following stanza. Do not include a source type, as the add-on assigns the correct source type automatically.
    [monitor:///<path_to_your_log_files>]
    disabled = 0
    
  3. Replace <path_to_your_log_files> with the correct path. By default, it is $KAFKA_HOME/logs. For example, var/apps/kafka/logs.
  4. Save the file.
  5. Restart the data collection node.
  6. Verify that the Splunk platform is receiving the log files by using the following search command.

    sourcetype=kafka:*Log

PREVIOUS
Inputs for the Splunk Add-on for Kafka
  NEXT
Configure JMX inputs for the Splunk Add-on for Kafka

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters