Maybe this question sounds naive, but what is the difference between both the Kafka Messaging Modular Input and the Splunk Add-on for Kafka?
I believe both are for extracting the messages from broker and indexing it. Can anyone please correct me if I am wrong?
Also, how do I configure the Kafka Messaging Modular Input developed by Damien? I have not found any clear documentation pertaining to its configuration.
Looks to me like the Splunk add-on is for monitoring the performance of Kafaka, but the modular input is used to index data from kafka.
Personally, I'd like to see a streaming modular input, which allows me to read it, without indexing it (and maybe I'll win the lottery, right?)
Looks to me like the Splunk add-on is for monitoring the performance of Kafaka, but the modular input is used to index data from kafka.
Personally, I'd like to see a streaming modular input, which allows me to read it, without indexing it (and maybe I'll win the lottery, right?)
The Splunk supported add-on is also able to index Kafka payloads. http://docs.splunk.com/Documentation/AddOns/latest/Kafka/Configuremodularinputs
Thanks jcoates for the reply. So I have configured kafka add-on from CLI. But can you tell me the command to run it in SplunkWeb GUI.
Also,
Can I able to write correlation rules on it?
Basically I have 30 kafka topics that is to be streamed into splunk. My aim is only to insert the payload in splunk and have correlation rules on it.