Sending topbeat events to kafka

jstar · March 31, 2016, 7:16pm

Hi all,

I'm trying to send topbeat's events to kafka. This is what I have done so far, download the nightly version with

wget https://beats-nightlies.s3.amazonaws.com/topbeat/topbeat_5.0.0-nightlylatest_amd64.deb

then installed it with dpkg -i. I'm using the nightly version because that is the version that support kafka integration.

I then configured topbeat as follows

topbeat:
  period: 10

  procs: [".*"]

  stats:
    system: true

    proc: true

    filesystem: true

    cpu_per_core: false

output:
  ### kafka as output
  kafka:
    # The kafka hosts
    hosts: ["localhost:9092"]

    # kafka topic 
    topic: "toptopic"

shipper:
  fields_under_root: true
  fields:
    custom_field: my-custom_field

  output:
    console:
      pretty: true

logging:

  files:
    rotateeverybytes: 10485760 # = 10MB

When I try to consume the messages of the topic toptopic, I see nothing inside the topic. I know that the kafka plugin is actaully taken into consideration because when I go to the directory /etc/topbeat and run topbaet in the debug with the command

topbeat -c topbeat.yml  -e -d "*"

I see the follow in the logs

2016/03/31 18:29:34.324604 log.go:16: WARN kafka message: [Initializing new client]
2016/03/31 18:29:34.324695 log.go:12: WARN client/metadata fetching metadata for all topics from      broker [localhost:9092]
2016/03/31 18:29:34.325378 outputs.go:87: INFO Activated kafka as output plugin.
2016/03/31 18:29:34.325423 publish.go:231: DBG  Create output worker
2016/03/31 18:29:34.325488 publish.go:273: DBG  No output is defined to store the topology. The server fields might not be filled.
2016/03/31 18:29:34.325558 publish.go:287: INFO Publisher name: ip-172-31-42-120
2016/03/31 18:29:34.325713 async.go:70: INFO Flush Interval set to: 277777h46m40s
2016/03/31 18:29:34.325754 async.go:71: INFO Max Bulk Size set to: 2048
2016/03/31 18:29:34.325789 async.go:79: DBG  create bulk processing worker (interval=277777h46m40s, bulk size=2048)
2016/03/31 18:29:34.325888 beat.go:246: INFO topbeat start running.
 2016/03/31 18:29:34.342815 log.go:12: WARN Connected to broker at [localhost:9092] (unregistered)
2016/03/31 18:29:34.359540 log.go:12: WARN client/brokers registered new broker #[0 %!d(string=private_ip:9092)] at %!s(MISSING)
2016/03/31 18:29:34.359606 log.go:16: WARN kafka message: [Successfully initialized new client]

What am I missing.

Any helps will be welcoming.
Thanks very much.

jstar · March 31, 2016, 8:03pm

Hi
I finally get it working. Knowing that topbeat was supposed to publish its events to kafka, the trick was to remove the tags output

 output:
    console:
       pretty: true

In the configuration file of topbeat.

Hope this helps someone in the future.

Topic		Replies	Views
Recently upgraded to filebeat 5.0 for beat-->kafka output. Topbeat has the same? Beats	3	608	January 31, 2017
Filebeat not sending logs to kafka Beats filebeat	1	1006	April 17, 2018
Kafka formatting output Beats filebeat	2	550	April 12, 2017
Filebeat send data to kafka Beats	3	4134	July 5, 2017
Filebeat Kafka topic mappings Beats filebeat	1	283	June 17, 2020

Sending topbeat events to kafka

Related topics