packetbeat is a passive protocol analyzer, reassembling tcp streams from network packets. No kafka protocol analyzer is implemented yet (but shouldn't be too hard). Alternatively one can use metricbeat kafka and zookeeper modules to pull some stats right from kafka.
- after the above packetbeat configuration, i have started the packetbeat service in debug mode, i dont see network socket from the process name into elasticsearch nor i am receiving in logstash.
Anything in logs? Logstash reachable? Please format logs, files and command lines using 3 backticks '`' to make them readable and keep format. I can not tell if your config file is correct or not without formatting.
2.i don't have idea how to mention cmdline_grep process name for kafka server from the /proc/pid/cmdline. i also tried mentioning the process name from /proc/pid/comm but it was given "java". can we mention java as process name in packetbeat.yml?
I don't quite understand what kind of problem you try to solve here.