I configured the connection between Splunk (ver 6.5.2) and Kafka (ver 0.11) via the Splunk Add-on for Kafka (ver 1.1.0) following these steps:
- Added a Kafka Cluster in the Add-on by setting Kafka Cluster Name, Kafka Broker, partition offset set to earliest and the remaining fields left blank
- In the Data Inputs menu I selected Add New in the "Splunk Add-on for Kafka" row and:
  1. added a Kafka Data Input Name
  2. selected the previously created Kafka Cluster
  3. saw the correct list of topics in the cluster and selected a non-empty one
  4. set the Kafka Partition Offset to earliest
  5. selected a brand new index to write data to with proper writing and reading permissions to the app

When I search the index, it is empty (while performing a console consumer command in the environment I see all the logs in the selected topic).
What can it be?