Splunk® Supported Add-ons

Splunk Add-on for Kafka

Download manual as PDF

Download topic as PDF

Source types for the Splunk Add-on for Kafka

The Splunk Add-on for Kafka provides the index-time and search-time knowledge for Kafka logs, performance metrics, and raw events in the following formats.

Data source Source type Description Timestamp method CIM compatibility
Kafka topic messages collected through a modular input kafka:topicEvent Kafka topic payload data If available, timestamp is extracted from event raw data. Otherwise it is based on data index time. None
Log files collected by monitoring files directly on Kafka servers. kafka:controllerLog Kafka controller logs Timestamp extracted from log files None
kafka:serverLog Kafka server logs
kafka:stateChangeLog The state change log of server
kafka:requestLog The client requests log
kafka:logCleanerLog Kafka server log cleaner service log
kafka:zookeeperLog Zookeeper service log
kafka:serverGCLog Kafka server garbage collection log
Performance data collected via the Splunk Add-on for JMX kafka:clusterStats Kafka cluster status Timestamp is based on the index time None
kafka:common Kafka version, basic configuration, etc. None
kafka:controllerStats Kafka controller status None
kafka:logStats The log status in Kafka Performance
kafka:networkStats Network status in Kafka Performance
kafka:serverStats Kafka server status Application State, Change Analysis, Performance
PREVIOUS
About the Splunk Add-on for Kafka
  NEXT
Release notes for the Splunk Add-on for Kafka

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Comments

Hi Rdleetivo, you'll want to do your own overrides in props.conf to achieve what you are describing. See http://docs.splunk.com/Documentation/Splunk/6.3.3/Data/Advancedsourcetypeoverrides.

Rpille splunk, Splunker
March 22, 2016

Still no information on setting source types or extracting timestamp fields. Still fails to work anywhere nearly as well as ELK, etc.

Rdleetivo
March 21, 2016

Is there more information on how timestamp extraction from raw kafka topics is configured? How do I tell it the data format (e.g. JSON), the name of the timestamp field, and the format of the timestamp field value?

Rdleetivo
October 26, 2015

Was this documentation topic helpful?

Enter your email address, and someone from the documentation team will respond to you:

Please provide your comments here. Ask a question or make a suggestion.

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters