Home - News ( United States | United Kingdom | Italy | Germany ) - Football scores

Showing content from https://github.com/superstreamlabs/kafka-analyzer below:

superstreamlabs/kafka-analyzer: Interactive CLI for analyzing Kafka health and configuration according to best practices and industry standards.

Interactive CLI for analyzing Kafka health and configuration according to best practices and industry standards.

Made with ❤️ by the Superstream Team

• Features
• Prerequisites
• Installation
• Quick Start
• Configuration File Examples
• Email Collection
• Output Formats
• Health Checks
• Required Permissions
• Analytics & Location Tracking
• Validation Process
• Output Structure
• Development
• Testing
• Configuration Reference
• Troubleshooting
• License
• Contributing
• Support

• Interactive CLI Interface - User-friendly prompts for configuration
• Configuration File Support - Load settings from JSON config files
• Multi-Layer Validation - Comprehensive connection and security testing
• Security Protocol Support - PLAINTEXT, SSL/TLS, SASL, and OIDC authentication
• Multiple Output Formats - JSON, CSV, HTML, and TXT reports
• Real-time Progress - Visual feedback during analysis
• Error Handling - Detailed troubleshooting information
• Cross-platform - Works on Windows, macOS, and Linux

• Node.js 16.0.0 or higher
• Access to a Kafka cluster

No installation required! Run directly with npx:

npm install -g superstream-kafka-analyzer

# Interactive mode (recommended for first-time users)
npx superstream-kafka-analyzer

# Using a configuration file
npx superstream-kafka-analyzer --config config.json

Available Examples: The full list is under the ./config-examples/ folder:

• Basic Configuration - Simple localhost setup
• SASL Authentication - Generic SASL setup
• Apache Kafka - Apache Kafka with SASL
• Apache Kafka (Plaintext) - Apache Kafka without authentication
• Apache Kafka (SCRAM) - Apache Kafka with SCRAM authentication
• AWS MSK (IAM) - AWS MSK with IAM authentication
• AWS MSK (SCRAM) - AWS MSK with SCRAM authentication
• Confluent Cloud - Confluent Cloud setup
• Confluent Platform - Confluent Platform setup
• Aiven Kafka - Aiven Kafka setup
• Redpanda - Redpanda setup
• OIDC Authentication - OpenID Connect authentication
• Azure AD OAuth - Azure Active Directory
• Keycloak OAuth - Keycloak OIDC
• Okta OAuth - Okta OIDC
• Auth0 OIDC - Auth0 authentication
• Generic OAuth - Generic OAuth provider
• With Timestamp - Include timestamp in filenames
• Without Timestamp - No timestamp in filenames

Basic Configuration (config.example.json):

{
  "kafka": {
    "bootstrap_servers": "localhost:9092",
    "clientId": "superstream-analyzer",
    "vendor": "apache",
    "useSasl": false
  },
  "file": {
    "outputDir": "./kafka-analysis",
    "formats": ["html"],
    "includeMetadata": true,
    "includeTimestamp": true
  },
  "email": "user@example.com"
}

SASL Authentication (config.example.sasl.json):

{
  "kafka": {
    "bootstrap_servers": ["kafka1.example.com:9092", "kafka2.example.com:9092", "kafka3.example.com:9092"],
    "clientId": "superstream-analyzer",
    "vendor": "apache",
    "useSasl": true,
    "sasl": {
      "mechanism": "PLAIN",
      "username": "your-username",
      "password": "your-password"
    }
  },
  "file": {
    "outputDir": "./kafka-analysis",
    "formats": ["html"],
    "includeMetadata": true,
    "includeTimestamp": true
  },
  "email": "user@example.com"
}

AWS MSK with SCRAM (config.example.aws-msk.json):

{
  "kafka": {
    "bootstrap_servers": ["b-1.your-cluster.abc123.c2.kafka.us-east-1.amazonaws.com:9092"],
    "clientId": "superstream-analyzer",
    "vendor": "aws-msk",
    "useSasl": true,
    "sasl": {
      "mechanism": "SCRAM-SHA-512",
      "username": "your-msk-username",
      "password": "your-msk-password"
    }
  },
  "file": {
    "outputDir": "./kafka-analysis",
    "formats": ["html"],
    "includeMetadata": true,
    "includeTimestamp": true
  },
  "email": "user@example.com"
}

AWS MSK with IAM (config.example.aws-msk-iam.json):

{
  "kafka": {
    "bootstrap_servers": ["b-1.your-cluster.abc123.c2.kafka.us-east-1.amazonaws.com:9198"],
    "clientId": "superstream-analyzer",
    "vendor": "aws-msk",
    "useSasl": true,
    "sasl": {
      "mechanism": "oauthbearer"
    }
  },
  "file": {
    "outputDir": "./kafka-analysis",
    "formats": ["html"],
    "includeMetadata": true,
    "includeTimestamp": true
  },
  "email": "user@example.com"
}

Confluent Cloud (config.example.confluent-cloud.json):

{
  "kafka": {
    "brokers": ["pkc-xxxxx.region.cloud:9092"],
    "clientId": "superstream-analyzer",
    "vendor": "confluent-cloud",
    "useSasl": true,
    "sasl": {
      "mechanism": "PLAIN",
      "username": "your-api-key",
      "password": "your-api-secret"
    }
  },
  "file": {
    "outputDir": "./kafka-analysis",
    "formats": ["html"],
    "includeMetadata": true,
    "includeTimestamp": true
  },
  "email": "user@example.com"
}

Note: Confluent Cloud connections now use the official Confluent Cloud methodology with @confluentinc/kafka-javascript library, SASL_SSL protocol, and PLAIN mechanism as recommended by Confluent.

Aiven Kafka (config.example.aiven-kafka.json):

{
  "kafka": {
    "brokers": ["kafka-xxxxx-aiven-kafka.aivencloud.com:12345"],
    "clientId": "superstream-analyzer",
    "vendor": "aiven",
    "useSasl": false,
    "ssl": {
      "ca": "path/to/ca.pem",
      "cert": "path/to/service.cert",
      "key": "path/to/service.key"
    }
  },
  "file": {
    "outputDir": "./kafka-analysis",
    "formats": ["json", "csv", "html", "txt"],
    "includeMetadata": true,
    "includeTimestamp": true
  },
  "email": "user@example.com"
}

{
  "kafka": {
    "bootstrap_servers": ["your-aiven-cluster.aivencloud.com:12345"],
    "clientId": "superstream-analyzer",
    "vendor": "aiven",
    "useSasl": true,
    "sasl": {
      "mechanism": "oauthbearer",
      "clientId": "your-client-id",
      "clientSecret": "your-client-secret",
      "host": "https://my-oauth-server.com",
      "path": "/oauth/token",
    }
  },
  "file": {
    "outputDir": "./kafka-analysis",
    "formats": ["html"],
    "includeMetadata": true,
    "includeTimestamp": true
  },
  "email": "user@example.com"
}

# Default for local development
npx superstream-kafka-analyzer
# Configure bootstrap servers as: localhost:9092

# With SASL credentials
npx superstream-kafka-analyzer
# Configure SASL mechanism and credentials when prompted

The analyzer supports modern OIDC authentication with any OIDC-compliant identity provider including Azure AD, Keycloak, Okta, Auth0, and others.

# With OIDC authentication
npx superstream-kafka-analyzer --config config-oidc.json

Key Features:

• Auto-discovery: Automatically discovers OIDC endpoints using well-known discovery documents
• Token validation: Optional JWT token validation using JWKS
• Multiple grant types: Support for client_credentials, password, and authorization_code flows
• Token caching: Automatic token caching to reduce authentication overhead
• Vendor-specific presets: Built-in configurations for popular providers

Quick Example:

{
  "kafka": {
    "brokers": ["kafka.example.com:9093"],
    "vendor": "oidc",
    "useSasl": true,
    "sasl": {
      "mechanism": "oauthbearer",
      "discoveryUrl": "https://auth.example.com/.well-known/openid-configuration",
      "clientId": "your-client-id",
      "clientSecret": "your-client-secret",
      "scope": "openid kafka:read",
      "grantType": "client_credentials"
    }
  }
}

📚 For detailed OIDC setup instructions, see:

• OIDC Authentication Guide - Complete setup guide with examples for all major providers
• Configuration Examples - Vendor-specific configuration templates

The tool generates comprehensive reports including:

• ZooKeepers details
• Broker information (host, port, rack)
• Analysis timestamp

• Total topics and partitions
• User vs internal topics
• Replication factor distribution
• Topic configurations
• Error detection

Complete structured data including all cluster and topic information.

📄 View Example JSON Report

Tabular data for easy analysis in spreadsheet applications.

Beautiful formatted report with responsive design and styling.

📄 View Example HTML Report

Simple text summary for quick review.

📄 View Example TXT Report

The tool performs comprehensive health checks on your Kafka cluster to identify potential issues and provide recommendations:

• Replication Factor vs Broker Count: Ensures topics don't have replication factor > broker count
• Topic Partition Distribution: Checks for balanced partition distribution across topics
• Consumer Group Health: Identifies consumer groups with no active members
• Internal Topics Health: Verifies system topics are healthy
• Under-Replicated Partitions: Checks if topics have fewer in-sync replicas than configured
• Min In-Sync Replicas Configuration: Checks if topics have min.insync.replicas > replication factor
• AWS MSK Specific Health: Checks MSK system topics (_amazon_msk*, __consumer_offsets)
• Rack Awareness: Verifies rack awareness configuration for better availability
• Replica Distribution: Ensures replicas are evenly distributed across brokers
• Metrics Configuration: Checks Open Monitoring (port 11001) accessibility
• Logging Configuration: Verifies LoggingInfo configuration via AWS SDK
• Authentication Configuration: Detects if unauthenticated access is enabled (security risk)
• Quotas Configuration: Checks if Kafka quotas are configured and being used
• Payload Compression: Checks if payload compression is enabled on user topics
• Infinite Retention Policy: Checks if any topics have infinite retention policy enabled

• Replication Factor vs Broker Count: Ensures topics don't have replication factor > broker count
• Topic Partition Distribution: Checks for balanced partition distribution across topics
• Consumer Group Health: Identifies consumer groups with no active members
• Internal Topics Health: Verifies system topics are healthy
• Under-Replicated Partitions: Checks if topics have fewer in-sync replicas than configured
• Rack Awareness: Checks rack awareness configuration for better availability
• Replica Distribution: Ensures replicas are evenly distributed across brokers
• Metrics Configuration: Verifies metrics accessibility
• Logging Configuration: Confirms built-in logging availability
• Authentication Configuration: Detects if unauthenticated access is enabled (security risk)
• Quotas Configuration: Checks if Kafka quotas are configured and being used
• Payload Compression: Checks if payload compression is enabled on user topics
• Infinite Retention Policy: Checks if any topics have infinite retention policy enabled

• Replication Factor vs Broker Count: Ensures topics don't have replication factor > broker count
• Topic Partition Distribution: Checks for balanced partition distribution across topics
• Consumer Group Health: Identifies consumer groups with no active members
• Internal Topics Health: Verifies system topics are healthy
• Under-Replicated Partitions: Checks if topics have fewer in-sync replicas than configured
• Min In-Sync Replicas Configuration: Checks if topics have min.insync.replicas > replication factor
• Rack Awareness: Checks rack awareness configuration for better availability
• Replica Distribution: Ensures replicas are evenly distributed across brokers
• Metrics Configuration: Verifies metrics accessibility
• Logging Configuration: Confirms built-in logging availability
• Authentication Configuration: Detects if unauthenticated access is enabled (security risk)
• Quotas Configuration: Checks if Kafka quotas are configured and being used
• Payload Compression: Checks if payload compression is enabled on user topics
• Infinite Retention Policy: Checks if any topics have infinite retention policy enabled

• Replication Factor vs Broker Count: Ensures topics don't have replication factor > broker count
• Topic Partition Distribution: Checks for balanced partition distribution across topics
• Consumer Group Health: Identifies consumer groups with no active members
• Internal Topics Health: Verifies system topics are healthy
• Under-Replicated Partitions: Checks if topics have fewer in-sync replicas than configured
• Min In-Sync Replicas Configuration: Checks if topics have min.insync.replicas > replication factor
• Rack Awareness: Checks rack awareness configuration for better availability
• Replica Distribution: Ensures replicas are evenly distributed across brokers
• Metrics Configuration: Verifies JMX metrics configuration
• Logging Configuration: Checks log4j configuration
• Authentication Configuration: Detects if unauthenticated access is enabled (security risk)
• Quotas Configuration: Checks if Kafka quotas are configured and being used
• Payload Compression: Checks if payload compression is enabled on user topics
• Infinite Retention Policy: Checks if any topics have infinite retention policy enabled

• ✅ Pass: Configuration is healthy and optimal
• ⚠️ Warning: Configuration could be improved for better performance/security
• ❌ Failed: Critical issue that should be addressed
• ℹ️ Info: Informational message with recommendations

The tool performs comprehensive validation in multiple phases:

• Broker URL format validation
• File system permissions
• Output directory creation

• DNS resolution verification
• TCP connection testing
• Kafka cluster connectivity

• SASL authentication verification
• SSL/TLS certificate validation
• Credential testing

• End-to-end connection testing
• File system write permissions
• Output format generation testing

kafka-analysis/
├── analysis-2024-01-15-14-30-25.json
├── analysis-2024-01-15-14-30-25.csv
├── analysis-2024-01-15-14-30-25.html
└── analysis-2024-01-15-14-30-25.txt

superstream-analyzer/
├── bin/
│   └── index.js          # CLI entry point
├── src/
│   ├── cli.js            # Main CLI logic
│   ├── kafka-client.js   # Kafka connection and analysis
│   ├── file-service.js   # File output handling
│   ├── validators.js     # Validation framework
│   └── utils.js          # Utility functions
├── config.example.json   # Basic configuration example
├── config.example.sasl.json # SASL configuration example
└── package.json

# Clone and install dependencies
git clone <repository>
cd superstream-analyzer
npm install

# Run in development mode
npm run dev

# Test with local Kafka
npm run test:local

# Test with local Kafka cluster
npx . --config config.example.json

# Test with SASL authentication
npx . --config config.example.sasl.json

The tool includes comprehensive validation that will:

• Test network connectivity
• Verify authentication credentials
• Validate file system permissions
• Generate sample outputs

*Required if useSasl is true

Missing Vendor Field Error

• Error: "Missing 'vendor' field in kafka configuration"
• Solution: Add the appropriate vendor field to your configuration:
  • AWS MSK IAM: "vendor": "aws-msk"
  • Confluent Cloud: "vendor": "confluent-cloud"
  • Aiven: "vendor": "aiven"
  • Apache Kafka: "vendor": "apache"
  • Redpanda: "vendor": "redpanda"
• Why: The vendor field tells the tool how to handle vendor-specific authentication mechanisms

AWS MSK IAM Authentication Failed

• Error: "Failed to generate auth token" or "authenticationProvider is not a function"
• Solution:
  1. Ensure AWS credentials are properly configured:
     • Set AWS_ACCESS_KEY_ID and AWS_SECRET_ACCESS_KEY environment variables, OR
     • Include credentials in config file: "accessKeyId" and "secretAccessKey"
  2. Verify the IAM user has proper MSK permissions
  3. Check that the broker URLs are correct (should use port 9198 for IAM)
  4. Ensure the region matches your MSK cluster
• Why: AWS MSK IAM requires valid AWS credentials and proper IAM permissions

Connection Timeout

• Verify broker URLs are correct
• Check network connectivity
• Ensure firewall allows connections

Authentication Failed

• Verify SASL credentials
• Check SASL mechanism compatibility
• Ensure user has proper permissions

File System Errors

• Check write permissions for output directory
• Ensure sufficient disk space
• Verify directory exists and is writable

Validation Errors

• Review detailed error logs
• Check all configuration parameters
• Verify Kafka cluster is accessible

1. Run with verbose logging to see detailed error information
2. Check the validation logs for specific failure points
3. Verify your configuration file format matches the examples
4. Ensure your Kafka cluster is running and accessible

This project is licensed under the MIT License - see the LICENSE file for details.

1. Fork the repository
2. Create a feature branch
3. Make your changes
4. Add tests if applicable
5. Submit a pull request

For issues and questions:

• Check the troubleshooting section
• Review validation logs for specific errors
• Ensure configuration matches the examples provided
• Email us: team@superstream.ai

SuperStream Kafka Analyzer performs a comprehensive set of health checks on your Kafka cluster to help you identify issues and optimize your setup:

• Replication Factor vs Broker Count: Ensures topics do not have a replication factor greater than the number of brokers.
• Topic Partition Distribution: Checks for balanced partition distribution across topics.
• Consumer Group Health: Identifies consumer groups with no active members.
• Internal Topics Health: Verifies system topics are healthy.
• Under-Replicated Partitions: Checks if topics have fewer in-sync replicas than configured.
• Min In-Sync Replicas Configuration: Checks if topics have min.insync.replicas greater than replication factor.
• Vendor-Specific Checks: For AWS MSK, Confluent, Aiven, and Apache Kafka, checks for system topics and platform-specific best practices.
• Rack Awareness: Verifies rack awareness configuration for better availability.
• Replica Distribution: Ensures replicas are evenly distributed across brokers.
• Metrics Configuration: Checks if monitoring/metrics are properly configured.
• Logging Configuration: Verifies logging configuration for your Kafka deployment.
• Authentication Configuration: Detects if unauthenticated access is enabled (security risk).
• Quotas Configuration: Checks if Kafka quotas are configured and being used.
• Payload Compression: Checks if payload compression is enabled on user topics.
• Infinite Retention Policy: Checks if any topics have infinite retention policy enabled.

Each check provides a clear status (✅ Pass, ⚠️ Warning, ❌ Failed, ℹ️ Info) and actionable recommendations.

• No Data Shared: All analysis and health checks are performed locally on your machine. No Kafka data, credentials, or cluster information is ever sent to any external server.
• Local-Only: The tool does not transmit, store, or share your Kafka messages, topic data, or configuration outside your environment.
• Optional Analytics: Anonymous usage analytics (such as error events and feature usage) are sent only if enabled, and never include sensitive Kafka data. You can disable analytics by setting SUPERSTREAM_ANALYTICS=false.
• Email collection: We're collecting email addresses to help the Superstream team better understand the types of companies using our tool. This insight will guide us in shaping a commercial version that meets real needs. While we're deeply committed to supporting the community, gaining even basic marketing insights is essential for us to justify the time and resources required to sustain and grow this project. Your email address will never be shared, and we don’t believe in cold emails or unsolicited marketing. We only reach out if you’ve clearly opted in or asked.

Your security and privacy are our top priority. Everything runs locally and securely by default.

To perform all health checks, your user/service account must have the following permissions for each vendor:

• AWS IAM Permissions:
  • kafka:DescribeCluster
  • kafka:DescribeConfiguration
  • kafka:ListClusters
  • kafka:ListNodes
  • (Optional for advanced checks) kafka:ListConfigurations, kafka:ListKafkaVersions
• Kafka Permissions:
  • Describe and List on all topics and consumer groups
  • DescribeConfigs on brokers and topics
  • Read/Consume on topics (required for consumer group health and producer compression checks)

• API Key/Secret Permissions:
  • CloudClusterAdmin or equivalent role
  • Describe and List on all topics and consumer groups
  • DescribeConfigs on brokers and topics
  • Read/Consume on topics (required for consumer group health and producer compression checks)

• Service Account/User Permissions:
  • Describe and List on all topics and consumer groups
  • DescribeConfigs on brokers and topics
  • Read/Consume on topics (required for consumer group health and producer compression checks)

• Kafka User Permissions:
  • Describe and List on all topics and consumer groups
  • DescribeConfigs on brokers and topics
  • Read/Consume on topics (required for consumer group health and producer compression checks)

Note:

• Some checks (like logging, quotas, and metrics) require admin-level access to the Kafka Admin API or cloud provider API.
• For AWS MSK, you must also have valid AWS credentials configured in your environment.
• If you only have limited permissions, some health checks may be skipped or show warnings.

RetroSearch is an open source project built by @garambo | Open a GitHub Issue

Search and Browse the WWW like it's 1997 | Search results from DuckDuckGo

HTML: 3.2 | Encoding: UTF-8 | Version: 0.7.4