Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Can a Splunk forwarder send data to Apache Kafka and then to our Splunk cluster? Bonus: Are heavy forwarders deprecated?

ESMaletMa
Explorer
‎08-14-2017 03:18 AM

Hi

Due to architecture reasons I need to use Apache Kafka as a message broker between Splunk Forwarders and Splunk cluster.

So, the data flow would be something like:

Splunk Forwarder ----(SSL)---> Kafka Topic ----(SSL)---> Splunk Indexers

So my questions would be:

  1. Can Splunk forwarder send data directly to Kafka topic? I see the same question in 2015, we are in 2017. The answer was NO. Is it the same answer today?

    https://answers.splunk.com/answers/234448/can-splunk-forwarder-universalheavyweight-send-dat.html?ut...

  2. I see that Indexers can read from Kafka using modular inputs or add-ons so, this point shouldn't be a problem.

  3. Can Splunk send data to Kafka topic? (in order for instance to send alerts to other platforms) I see the answer is no, is it correct in 2017:

    https://answers.splunk.com/answers/551309/can-i-export-data-from-splunk-to-kafka-topic-with-1.html?u...

Both links above suggest use Heavy Forwarders. Are Heavy Forwarders deprecated? I have heard that. Is it recommended to use them to provide a solution for this?

Thanks

Reply

rdagan_splunk
Splunk Employee
Splunk Employee
‎10-20-2017 09:36 AM

Hi, Although this data is not cooked (it does not contained timestamp, host, etc ..) you can send data to third party: https://docs.splunk.com/Documentation/Splunk/latest/Forwarding/Forwarddatatothird-partysystemsd
From there send it to Kafka.

0 Karma
Reply

ddrillic
Ultra Champion
‎08-14-2017 06:39 PM

A similar discussion at Can splunk forwarder (Universal/Heavyweight) send data to Kafka Topic?

0 Karma
Reply

ddrillic
Ultra Champion
‎08-14-2017 06:15 AM

I hear that people skip altogether the forwarders and use Kafka instead ... anybody has more insight into it?

0 Karma
Reply
Get Updates on the Splunk Community!

Devesh Logendran, Splunk, and the Singapore Cyber Conquest

At this year’s Splunk University, I had the privilege of chatting with Devesh Logendran, one of the winners in ...

There's No Place Like Chrome and the Splunk Platform

WATCH NOW!Malware. Risky Extensions. Data Exfiltration. End-users are increasingly reliant on browsers to ...

Customer Experience | Join the Customer Advisory Board!

Are you ready to take your Splunk journey to the next level? 🚀 We invite you to join our elite squad ...