My pipeline is: Kerberized Kafka --> Logstash (hosted on a different server) --> Splunk. Can I replace the Logstash component with Kafka Connect? From the documentation, what I understood is that if Kafka Connect is hosted on the same cluster as that of Kafka, that's quite possible. But I don't have that option right now, as our Kafka cluster is multi-tenant and hence not approved for additional processes on the cluster.
I have a field named '_@timestamp' in my data. When I search for this field, the result doesn't show up. Maybe because this is being treated as an internal field by Splunk. How do I query for this field?
index::<> | fields _@timestamp time
The Fields section resulting from 'search' only has the time field but not _@timestamp.