Splunk® Supported Add-ons

Splunk Add-on for Kafka

Source types for the Splunk Add-on for Kafka

The Splunk Add-on for Kafka provides the index-time and search-time knowledge for Kafka logs, performance metrics, and raw events in the following formats.

Data source Source type Description Timestamp method CIM compatibility
Kafka topic messages collected through a modular input kafka:topicEvent Kafka topic payload data If available, timestamp is extracted from event raw data. Otherwise it is based on data index time. None
Log files collected by monitoring files directly on Kafka servers. kafka:controllerLog Kafka controller logs Timestamp extracted from log files None
kafka:serverLog Kafka server logs
kafka:stateChangeLog The state change log of server
kafka:requestLog The client requests log
kafka:logCleanerLog Kafka server log cleaner service log
kafka:zookeeperLog Zookeeper service log
kafka:serverGCLog Kafka server garbage collection log
Performance data collected via the Splunk Add-on for JMX kafka:clusterStats Kafka cluster status Timestamp is based on the index time None
kafka:common Kafka version, basic configuration, etc. None
kafka:controllerStats Kafka controller status None
kafka:logStats The log status in Kafka Performance
kafka:networkStats Network status in Kafka Performance
kafka:serverStats Kafka server status Application State, Change Analysis, Performance
Last modified on 24 April, 2018
About the Splunk Add-on for Kafka   Release notes for the Splunk Add-on for Kafka

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters