Are you a member of the Splunk Community?
- Find Answers
- :
- Apps & Add-ons
- :
- All Apps and Add-ons
- :
- Re: Kafka Messaging Modular Input: How to set up m...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Kafka Messaging Modular Input: How to set up multiple heavy forwarder agents on the same server to pull from the same Kafka topic?
I tried to set up multiple heavy forwarder agents on the same server pulling from a Kafka topic, but it appeared as if only one agent would take any load (I was monitoring agent via top cmd, java cpu load, maybe there is a better method, say via index=_internal?). I've done a similar thing with jms with success, but I wasn't able to get past 300 tps. I haven't tried the same thing over multiple servers yet, but I'm wondering if there is a obvious setting, maybe in the inputs.conf that I need to modify.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
What does your Kafka configuration (from inputs.conf) look like ?
Also, try the latest release of the Kafka Mod Input.It should perform better with the new HEC output option.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply I'll try 8.1
here is the inputs.conf I'm currently using
[kafka://tsys_kafka_10.xxxx]
group_id = splunk
index = tsys
sourcetype = tsys_kafka
topic_name = splunk_auth_stream
zookeeper_connect_host = 10.xxxx
zookeeper_connect_port = 2181
[kafka://tsys_kafka_10.xxxx]
group_id = splunk
index = tsys
sourcetype = tsys_kafka
topic_name = splunk_auth_stream
zookeeper_connect_host = 10.xxx
zookeeper_connect_port = 2181
[kafka://tsys_kafka_10.xxxxx]
group_id = splunk
index = tsys
sourcetype = tsys_kafka
topic_name = splunk_auth_stream
zookeeper_connect_host = 10.xxxx
zookeeper_connect_port = 2181
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the reply I'll try 8.1.
Here is the inputs.conf I'm currently using:
[kafka://tsys_kafka_10.xxxx]
group_id = splunk
index = tsys
sourcetype = tsys_kafka
topic_name = splunk_auth_stream
zookeeper_connect_host = 10.xxxx
zookeeper_connect_port = 2181
[kafka://tsys_kafka_10.xxxx]
group_id = splunk
index = tsys
sourcetype = tsys_kafka
topic_name = splunk_auth_stream
zookeeper_connect_host = 10.xxx
zookeeper_connect_port = 2181
[kafka://tsys_kafka_10.xxxxx]
group_id = splunk
index = tsys
sourcetype = tsys_kafka
topic_name = splunk_auth_stream
zookeeper_connect_host = 10.xxxx
zookeeper_connect_port = 2181
Building Reliable Asset and Identity Frameworks in Splunk ES
Cloud Monitoring Console - Unlocking Greater Visibility in SVC Usage Reporting
Automatic Discovery Part 3: Practical Use Cases
