---
title: Kafka Monitoring Setup
description: >-
  Set up Data Streams Monitoring's Kafka Monitoring, including prerequisites,
  Agent configuration, and the additional steps required to inspect Kafka
  messages.
breadcrumbs: Docs > Data Streams Monitoring > Kafka Monitoring > Kafka Monitoring Setup
---

# Kafka Monitoring Setup

{% callout %}
# Important note for users on the following Datadog sites: app.ddog-gov.com, us2.ddog-gov.com

{% alert level="danger" %}
This product is not supported for your selected [Datadog site](https://docs.datadoghq.com/getting_started/site.md).
{% /alert %}

{% /callout %}

This page covers the prerequisites and setup steps for Data Streams Monitoring's Kafka Monitoring.

## Prerequisites{% #prerequisites %}

### Datadog Agent version{% #datadog-agent-version %}

Datadog Agent version 7.78 or later is required.

### ACL permissions{% #acl-permissions %}

If your Kafka cluster uses ACLs, the Datadog Agent user requires the following minimum permissions:

| Resource Name   | Resource Type | Operation         |
| --------------- | ------------- | ----------------- |
| `kafka-cluster` | `CLUSTER`     | `Describe`        |
| `kafka-cluster` | `CLUSTER`     | `DescribeConfigs` |
| `*`             | `TOPIC`       | `Describe`        |
| `*`             | `TOPIC`       | `DescribeConfigs` |
| `*`             | `GROUP`       | `Describe`        |

## Setup{% #setup %}

Go to the [Kafka Monitoring setup page](https://app.datadoghq.com/data-streams/kafka/setup) and click Get Started. Then choose your environment and follow the instructions. To request assistance, choose Request a pairing session.

{% image
   source="https://docs.dd-static.net/images/data_streams/kafka_setup-2.37e9d3d8dc59177d8b966d26ac5c069a.png?auto=format&fit=max&w=850 1x, https://docs.dd-static.net/images/data_streams/kafka_setup-2.37e9d3d8dc59177d8b966d26ac5c069a.png?auto=format&fit=max&w=850&dpr=2 2x"
   alt="The Kafka Monitoring setup dialog showing environment selection, security protocol, schema registry options, and Kubernetes configuration instructions" /%}

The setup page provides environment-specific configuration instructions. You can copy the instructions directly to an AI agent with Copy for AI.

## Enable message inspection{% #enable-message-inspection %}

This section applies only if you want to view Kafka message payloads in the Messages section. Skip it if you do not plan to use message inspection.

### Additional ACL permission{% #additional-acl-permission %}

In addition to the ACL permissions listed in Prerequisites, the Datadog Agent user requires:

| Resource Name | Resource Type | Operation |
| ------------- | ------------- | --------- |
| `*`           | `TOPIC`       | `Read`    |
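
The grants from the Prerequisites table and the extra `Read` grant above, written as `kafka-acls` commands. This is an added example, not part of Datadog's setup instructions; the principal name, broker address, admin properties file, and the `kafka-acls.sh` script name are assumptions to adjust for your cluster.

```shell
#!/usr/bin/env bash
# Added example: prints (does not run) the kafka-acls commands that grant the
# Agent user the minimum ACLs listed on this page.
# Assumptions, not from the page: principal, broker address, admin config file.
PRINCIPAL="${PRINCIPAL:-User:datadog-agent}"      # assumed Agent principal
BOOTSTRAP="${BOOTSTRAP:-localhost:9092}"          # assumed broker address
ADMIN_CONFIG="${ADMIN_CONFIG:-admin.properties}"  # assumed admin client properties

# Usage: dd_agent_acl_commands [inspect]
#   no argument -> the five grants from the Prerequisites table
#   inspect     -> also the TOPIC Read grant required for message inspection
dd_agent_acl_commands() {
  local mode="${1:-base}"
  local base="kafka-acls.sh --bootstrap-server $BOOTSTRAP --command-config $ADMIN_CONFIG"
  base="$base --add --allow-principal $PRINCIPAL"

  # One command per table row: resource selector, then operation.
  printf '%s\n' \
    "$base --cluster --operation Describe" \
    "$base --cluster --operation DescribeConfigs" \
    "$base --topic '*' --operation Describe" \
    "$base --topic '*' --operation DescribeConfigs" \
    "$base --group '*' --operation Describe"

  # Read on every topic exposes message payloads to the Agent user, so it is
  # emitted only when explicitly requested.
  if [ "$mode" = "inspect" ]; then
    printf '%s\n' "$base --topic '*' --operation Read"
  fi
}

dd_agent_acl_commands "$@"
```

Review the printed commands, then pipe them to `sh` to apply. Pass `inspect` only on clusters where message inspection is used, so the Agent user does not hold `Read` on topic data elsewhere.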

### Remote configuration{% #remote-configuration %}

[Remote configuration](https://docs.datadoghq.com/remote_configuration.md) must be enabled at three levels:

1. At the [organization level](https://app.datadoghq.com/organization-settings/remote-config).
1. At the [Agent level](https://docs.datadoghq.com/remote_configuration.md#enable-remote-configuration).
1. At the [API key level](https://docs.datadoghq.com/account_management/api-app-keys.md).

### User permission{% #user-permission %}

To view Kafka messages, a user must have the `Data Streams Monitoring Capture Messages` permission.

You can verify your current permissions on your [Profile page](https://app.datadoghq.com/personal-settings/profile). To enable permissions, edit an existing role or create a role on the [Roles page](https://app.datadoghq.com/organization-settings/roles). If you do not have permission to modify roles, contact your organization's administrator.

{% collapsible-section %}
**Create a role and assign it to users**
#### 1. Create a role

1. Navigate to the [Roles page](https://app.datadoghq.com/organization-settings/roles) in Datadog.
1. Click + New Role in the top-right corner.

   {% alert level="info" %}
   If you see "Read Only" instead of the "+ New Role" button, you don't have permission to create roles. Contact your Datadog administrator for assistance.
   {% /alert %}

1. Enter a descriptive name for your role (for example, "Data Streams Messages Access").
1. In the Search Permissions field, type `Data Streams Monitoring Capture Messages`.
1. Select the permission from the search results to enable it for this role.
1. Click Save.
1. Confirm your role was created successfully by searching for it in the roles list.

#### 2. Assign the role to users

1. Go to the [Users page](https://app.datadoghq.com/organization-settings/users) in Datadog.
1. Find and click on the user you want to assign the role to.
1. In the user details panel, click Edit next to their name.

   {% alert level="info" %}
   If you don't see an Edit button, you need administrator privileges to modify user roles. Contact your Datadog administrator.
   {% /alert %}

1. In the modal that opens, locate the Roles section.
1. Add your newly created role to the user.
1. Click Save.
1. Look for a User updated confirmation message to verify the change was successful.

{% /collapsible-section %}
