Does Elastic Agent support kafka as an input?

I have to send log data from a Kafka topic of Cisco ISE logs, to use the Cisco integration with Elastic Agent. How do I set that up? I am getting that the kafka input is not supported in the Elastic Agent YAML.

Hi Priyanka,

Elastic Agent supports ingesting Kafka metrics/logs, that is, data instrumenting the Kafka cluster/service, and it also supports Kafka custom logs, that is, topic data from a Kafka cluster.

Details are here:

Effectively, you'd have to add the desired kafka integration to your cluster, then go add that to the policy for your Agent.

Barring using the agent, Logstash is an option as well.

Hope this helps,
-a

The short answer is no. Elastic Agent doesn't support reading Kafka topics as an input.

You would need to use Logstash to read the topic and forward to Elasticsearch.

It does, it is the Custom Kafka Logs integration.

You can use this integration to read logs from Kafka Topics and by changing the dataset name it will reroute the events to the correct ingest pipeline.

Which version are you using? I'm on 8.15.2 and I have a couple of Elastic Agents running with the Custom Kafka Logs integration getting some logs from Kafka topics, one of them is from Cisco ISE.

You would need first to install the assets of the Cisco ISE integration.

This will load the required templates and ingest pipelines.

Then you need to add a Custom Kafka Logs integration into an agent, point to your Kafka topic with ISE logs and then change the dataset to be cisco_ise.log.

I'm not sure how you do that on standalone agents as I use Fleet managed agents, but the configuration is something like this.

This will get the logs from the Kafka topic and send them to the correct ingest pipeline to parse it.


@leandrojmp thanks for keeping me straight. I missed the release of that integration.
