Hi
For architectural reasons I need to use Apache Kafka as a message broker between Splunk Forwarders and the Splunk cluster.
So, the data flow would be something like:
Splunk Forwarder ----(SSL)---> Kafka Topic ----(SSL)---> Splunk Indexers
So my questions would be:
1. Can a Splunk forwarder send data **directly** to a Kafka topic? I saw the same question asked in 2015; we are now in 2017. The answer was NO. Is it the same answer today?
https://answers.splunk.com/answers/234448/can-splunk-forwarder-universalheavyweight-send-dat.html?utm_source=typeahead&utm_medium=newquestion&utm_campaign=no_votes_sort_relev
2. I see that Indexers can read from Kafka using modular inputs or add-ons, so this point shouldn't be a problem.
3. Can Splunk send data to a Kafka topic (for instance, in order to send alerts to other platforms)? I see the answer is **no**. Is that correct in 2017?
https://answers.splunk.com/answers/551309/can-i-export-data-from-splunk-to-kafka-topic-with-1.html?utm_source=typeahead&utm_medium=newquestion&utm_campaign=no_votes_sort_relev
Both links above suggest using **Heavy Forwarders**. Are Heavy Forwarders deprecated? I have heard that. Is it recommended to use them to provide a solution for this?
Thanks