Solved: How to set up the Kafka Messaging Modular Input in...

glancaster · ‎10-20-2015

I'm trying to get this set up, but I'm a little mixed up... the directions mention:

Configuration

As this is a Modular Input , you can then configure your Kafka inputs via Manager->Data Inputs->Kafka. The field entry should be straightforward and intuitive for anyone with basic experience with Kafka / Zookeeper.

But I'm not seeing this as an option as we will need to distribute the app out to a forwarder and the app doesn't come with an inputs.conf or an inputs.conf.spec for a reference. I tried looking at this through the GUI on my Search Head, but there was also no option for a kafka input. I'm running Search Head Clustering which I assume is the issue. I'm not exactly sure what is needed, but I could certainly be missing something easy. Can anyone point me in the right direction?

Running 6.2.4

Damien_Dallimor · ‎10-20-2015

In a distributed environment , you should not install it on a SH / SH Cluster.

It certainly does come with with an inputs.conf.spec , otherwise it would never work.

$SPLUNK_HOME/etc/apps/kafka_ta/README/inputs.conf.spec

View solution in original post

Damien_Dallimor · ‎10-20-2015

In a distributed environment , you should not install it on a SH / SH Cluster.

It certainly does come with with an inputs.conf.spec , otherwise it would never work.

$SPLUNK_HOME/etc/apps/kafka_ta/README/inputs.conf.spec

glancaster · ‎10-21-2015

D'oh! Thanks Damien!

How to set up the Kafka Messaging Modular Input in a Splunk 6.2.4 search head clustering environment?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases