Solved: What is the difference between the Kafka Messaging...

maximus_reborn · ‎05-15-2016

Maybe this question sounds naive, but what is the difference between both the Kafka Messaging Modular Input and the Splunk Add-on for Kafka?
I believe both are for extracting the messages from broker and indexing it. Can anyone please correct me if I am wrong?

Also, how do I configure the Kafka Messaging Modular Input developed by Damien? I have not found any clear documentation pertaining to its configuration.

a212830 · ‎05-15-2016

Looks to me like the Splunk add-on is for monitoring the performance of Kafaka, but the modular input is used to index data from kafka.

Personally, I'd like to see a streaming modular input, which allows me to read it, without indexing it (and maybe I'll win the lottery, right?)

View solution in original post

a212830 · ‎05-15-2016

Looks to me like the Splunk add-on is for monitoring the performance of Kafaka, but the modular input is used to index data from kafka.

Personally, I'd like to see a streaming modular input, which allows me to read it, without indexing it (and maybe I'll win the lottery, right?)

jcoates_splunk · ‎05-18-2016

The Splunk supported add-on is also able to index Kafka payloads. http://docs.splunk.com/Documentation/AddOns/latest/Kafka/Configuremodularinputs

maximus_reborn · ‎05-19-2016

Thanks jcoates for the reply. So I have configured kafka add-on from CLI. But can you tell me the command to run it in SplunkWeb GUI.

Also,
Can I able to write correlation rules on it?
Basically I have 30 kafka topics that is to be streamed into splunk. My aim is only to insert the payload in splunk and have correlation rules on it.

What is the difference between the Kafka Messaging Modular Input and the Splunk Add-on for Kafka?

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

They're back! Join the SplunkTrust and MVP at .conf24

Enterprise Security Content Update (ESCU) | New Releases