For AI agents: A markdown version of this page is available at https://docs.datadoghq.com/data_streams/kafka/setup.md. A documentation index is available at /llms.txt.

Kafka Monitoring Setup

This product is not supported for your selected Datadog site. ().

This page covers the prerequisites and setup steps for Data Streams Monitoring’s Kafka Monitoring.

Prerequisites

Datadog Agent version

Datadog Agent version 7.78 or later is required.

ACL permissions

If your Kafka cluster uses ACLs, the Datadog Agent user requires the following minimum permissions:

Resource NameResource TypeOperation
kafka-clusterCLUSTERDescribe
kafka-clusterCLUSTERDescribeConfigs
*TOPICDescribe
*TOPICDescribeConfigs
*GROUPDescribe

Setup

Go to the Kafka Monitoring setup page and click Get Started. Then choose your environment and follow the instructions. To request assistance, choose Request a pairing session.

The Kafka Monitoring setup dialog showing environment selection, security protocol, schema registry options, and Kubernetes configuration instructions

The setup page provides environment-specific configuration instructions. You can copy the instructions directly to an AI agent with Copy for AI.

Enable message inspection

This section applies only if you want to view Kafka message payloads in the Messages section. Skip it if you do not plan to use message inspection.

Additional ACL permission

In addition to the ACL permissions listed in Prerequisites, the Datadog Agent user requires:

Resource NameResource TypeOperation
*TOPICRead

Remote configuration

Remote configuration must be enabled at three levels:

  1. At the organization level.
  2. At the Agent level.
  3. At the API key level.

User permission

To view Kafka messages, a user must have the Data Streams Monitoring Capture Messages permission.

You can verify your current permissions on your Profile page. To enable permissions, edit an existing role or create a role on the Roles page. If you do not have permission to modify roles, contact your organization’s administrator.

1. Create a role

  1. Navigate to the Roles page in Datadog.
  2. Click + New Role in the top-right corner.
    If you see "Read Only" instead of the "+ New Role button", you don't have permission to create roles. Contact your Datadog administrator for assistance.
  3. Enter a descriptive name for your role (for example, “Data Streams Messages Access”).
  4. In the Search Permissions field, type Data Streams Monitoring Capture Messages.
  5. Select the permission from the search results to enable it for this role.
  6. Click Save.
  7. Confirm your role was created successfully by searching for it in the roles list.

2. Assign the role to users

  1. Go to the Users page in Datadog.
  2. Find and click on the user you want to assign the role to.
  3. In the user details panel, click Edit next to their name.
    If you don't see an Edit button, you need administrator privileges to modify user roles. Contact your Datadog administrator.
  4. In the modal that opens, locate the Roles section.
  5. Add your newly created role to the user.
  6. Click Save.
  7. Look for a User updated confirmation message to verify the change was successful.