If you have time series events in a Kafka topic, how can you find anomalous events?
Assuming transaction events are joined with table reference data, use windowing to group anomalous transactions.
CREATE TABLE accounts_to_monitor
WITH (kafka_topic='accounts_to_monitor', partitions=1, value_format='JSON') AS
SELECT USERNAME,
TIMESTAMPTOSTRING(WINDOWSTART, 'yyyy-MM-dd HH:mm:ss Z') AS WINDOW_START,
TIMESTAMPTOSTRING(WINDOWEND, 'yyyy-MM-dd HH:mm:ss Z') AS WINDOW_END
FROM suspicious_transactions
WINDOW TUMBLING (SIZE 24 HOURS)
GROUP BY USERNAME
HAVING COUNT(*) > 3;
This tutorial installs Confluent Platform using Docker. Before proceeding:
• Install Docker Desktop (version 4.0.0 or later) or Docker Engine (version 19.03.0 or later) if you don’t already have it
• Install the Docker Compose plugin if you don’t already have it. This isn’t necessary if you have Docker Desktop since it includes Docker Compose.
• Start Docker if it’s not already running, either by starting Docker Desktop or, if you manage Docker Engine with systemd, via systemctl
• Verify that Docker is set up properly by ensuring no errors are output when you run docker info and docker compose version on the command line
To get started, make a new directory anywhere you’d like for this project:
mkdir anomaly-detection && cd anomaly-detection
Then make the following directories to set up its structure:
mkdir src test
Next, create the following docker-compose.yml file to obtain Confluent Platform (for Kafka in the cloud, see Confluent Cloud):
version: '2'
services:
broker:
image: confluentinc/cp-kafka:7.4.1
hostname: broker
container_name: broker
ports:
- 29092:29092
environment:
KAFKA_BROKER_ID: 1
KAFKA_LISTENER_SECURITY_PROTOCOL_MAP: PLAINTEXT:PLAINTEXT,PLAINTEXT_HOST:PLAINTEXT,CONTROLLER:PLAINTEXT
KAFKA_ADVERTISED_LISTENERS: PLAINTEXT://broker:9092,PLAINTEXT_HOST://localhost:29092
KAFKA_OFFSETS_TOPIC_REPLICATION_FACTOR: 1
KAFKA_GROUP_INITIAL_REBALANCE_DELAY_MS: 0
KAFKA_TRANSACTION_STATE_LOG_MIN_ISR: 1
KAFKA_TRANSACTION_STATE_LOG_REPLICATION_FACTOR: 1
KAFKA_PROCESS_ROLES: broker,controller
KAFKA_NODE_ID: 1
KAFKA_CONTROLLER_QUORUM_VOTERS: 1@broker:29093
KAFKA_LISTENERS: PLAINTEXT://broker:9092,CONTROLLER://broker:29093,PLAINTEXT_HOST://0.0.0.0:29092
KAFKA_INTER_BROKER_LISTENER_NAME: PLAINTEXT
KAFKA_CONTROLLER_LISTENER_NAMES: CONTROLLER
KAFKA_LOG_DIRS: /tmp/kraft-combined-logs
CLUSTER_ID: MkU3OEVBNTcwNTJENDM2Qk
schema-registry:
image: confluentinc/cp-schema-registry:7.3.0
hostname: schema-registry
container_name: schema-registry
depends_on:
- broker
ports:
- 8081:8081
environment:
SCHEMA_REGISTRY_HOST_NAME: schema-registry
SCHEMA_REGISTRY_KAFKASTORE_BOOTSTRAP_SERVERS: broker:9092
ksqldb-server:
image: confluentinc/ksqldb-server:0.28.2
hostname: ksqldb-server
container_name: ksqldb-server
depends_on:
- broker
- schema-registry
ports:
- 8088:8088
environment:
KSQL_CONFIG_DIR: /etc/ksqldb
KSQL_LOG4J_OPTS: -Dlog4j.configuration=file:/etc/ksqldb/log4j.properties
KSQL_BOOTSTRAP_SERVERS: broker:9092
KSQL_HOST_NAME: ksqldb-server
KSQL_LISTENERS: http://0.0.0.0:8088
KSQL_CACHE_MAX_BYTES_BUFFERING: 0
KSQL_KSQL_SCHEMA_REGISTRY_URL: http://schema-registry:8081
KSQL_KSQL_STREAMS_AUTO_OFFSET_RESET: earliest
ksqldb-cli:
image: confluentinc/ksqldb-cli:0.28.2
container_name: ksqldb-cli
depends_on:
- broker
- ksqldb-server
entrypoint: /bin/sh
tty: true
environment:
KSQL_CONFIG_DIR: /etc/ksqldb
volumes:
- ./src:/opt/app/src
- ./test:/opt/app/test
And launch it by running:
docker compose up -d
To begin developing interactively, open up the ksqlDB CLI:
docker exec -it ksqldb-cli ksql http://ksqldb-server:8088
First, you will need to create a ksqlDB table and Kafka topic to represent the suspicious names data. You can create a table from a Kafka topic or derive one from an existing stream or table. In both cases, a table’s underlying data is durably stored in a topic on the Kafka brokers. In this tutorial we are creating a new Kafka topic for our table. If kafka_topic were not specified in the query, a new Kafka topic would be created for us.
CREATE TABLE suspicious_names (CREATED_TS VARCHAR,
COMPANY_NAME VARCHAR PRIMARY KEY,
COMPANY_ID INT)
WITH (kafka_topic='suspicious_names',
partitions=1,
value_format='JSON',
timestamp='CREATED_TS',
timestamp_format = 'yyyy-MM-dd HH:mm:ss');
A table is more fitting than a stream for the suspicious names data because it is a mutable collection that changes over time. We may want to add company names to this table or remove them in the future.
Likewise, you’ll need a ksqlDB stream and Kafka topic to represent transaction events. The transaction information includes the identifier, the user sending the money, the name of the recipient, the amount of money sent, and the time of the transaction. Since this data represents a historical sequence of events, a stream is more appropriate than a table.
CREATE STREAM transactions (TXN_ID BIGINT, USERNAME VARCHAR, RECIPIENT VARCHAR, AMOUNT DOUBLE, TS VARCHAR)
WITH (kafka_topic='transactions',
partitions=1,
value_format='JSON',
timestamp='TS',
timestamp_format = 'yyyy-MM-dd HH:mm:ss');
Let’s add some suspicious names data into our reference table. Note that the timestamps for these records are between 3 and 5 days ago.
INSERT INTO suspicious_names (CREATED_TS, COMPANY_NAME, COMPANY_ID) VALUES (FORMAT_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP() - (5 * 24 * 60 * 60 * 1000)),'yyyy-MM-dd HH:mm:ss'), 'Verizon', 1);
INSERT INTO suspicious_names (CREATED_TS, COMPANY_NAME, COMPANY_ID) VALUES (FORMAT_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP() - (4 * 24 * 60 * 60 * 1000)),'yyyy-MM-dd HH:mm:ss'), 'Spirit Halloween', 2);
INSERT INTO suspicious_names (CREATED_TS, COMPANY_NAME, COMPANY_ID) VALUES (FORMAT_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP() - (3 * 24 * 60 * 60 * 1000)),'yyyy-MM-dd HH:mm:ss'), 'Best Buy', 3);
Let’s add some transaction data into our event stream. Note that the timestamps for these transactions are all within the past day, i.e., after the timestamps of the suspicious name records.
INSERT INTO transactions (TXN_ID, USERNAME, RECIPIENT, AMOUNT, TS) VALUES (9900, 'Abby Normal', 'Verizon', 22.0, FORMAT_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP() - (1 * 24 * 60 * 60 * 1000 + 2 * 60 * 1000)),'yyyy-MM-dd HH:mm:ss'));
INSERT INTO transactions (TXN_ID, USERNAME, RECIPIENT, AMOUNT, TS) VALUES (12, 'Victor von Frankenstein', 'Tattered Cover', 7.0, FORMAT_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP() - (1 * 24 * 60 * 60 * 1000 + 3 * 60 * 1000)),'yyyy-MM-dd HH:mm:ss'));
INSERT INTO transactions (TXN_ID, USERNAME, RECIPIENT, AMOUNT, TS) VALUES (13, 'Frau Blücher', 'Peebles', 70.0, FORMAT_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP() - (1 * 24 * 60 * 60 * 1000 + 4 * 60 * 1000)),'yyyy-MM-dd HH:mm:ss'));
INSERT INTO transactions (TXN_ID, USERNAME, RECIPIENT, AMOUNT, TS) VALUES (9903, 'Abby Normal', 'Verizon', 61.0, FORMAT_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP() - (1 * 24 * 60 * 60 * 1000 + 5 * 60 * 1000)),'yyyy-MM-dd HH:mm:ss'));
INSERT INTO transactions (TXN_ID, USERNAME, RECIPIENT, AMOUNT, TS) VALUES (9901, 'Abby Normal', 'Spirit Halloween', 83.0, FORMAT_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP() - (1 * 24 * 60 * 60 * 1000 + 6 * 60 * 1000)),'yyyy-MM-dd HH:mm:ss'));
INSERT INTO transactions (TXN_ID, USERNAME, RECIPIENT, AMOUNT, TS) VALUES (9902, 'Abby Normal', 'Spirit Halloween', 46.0, FORMAT_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP() - (1 * 24 * 60 * 60 * 1000 + 7 * 60 * 1000)),'yyyy-MM-dd HH:mm:ss'));
INSERT INTO transactions (TXN_ID, USERNAME, RECIPIENT, AMOUNT, TS) VALUES (9904, 'Abby Normal', 'Spirit Halloween', 59.0, FORMAT_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP() - (1 * 24 * 60 * 60 * 1000 + 8 * 60 * 1000)),'yyyy-MM-dd HH:mm:ss'));
INSERT INTO transactions (TXN_ID, USERNAME, RECIPIENT, AMOUNT, TS) VALUES (6, 'Victor von Frankenstein', 'Confluent Cloud', 21.0, FORMAT_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP() - (1 * 24 * 60 * 60 * 1000 + 9 * 60 * 1000)),'yyyy-MM-dd HH:mm:ss'));
INSERT INTO transactions (TXN_ID, USERNAME, RECIPIENT, AMOUNT, TS) VALUES (18, 'Frau Blücher', 'Target', 70.0, FORMAT_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP() - (1 * 24 * 60 * 60 * 1000 + 10 * 60 * 1000)),'yyyy-MM-dd HH:mm:ss'));
INSERT INTO transactions (TXN_ID, USERNAME, RECIPIENT, AMOUNT, TS) VALUES (7, 'Victor von Frankenstein', 'Verizon', 100.0, FORMAT_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP() - (1 * 24 * 60 * 60 * 1000 + 11 * 60 * 1000)),'yyyy-MM-dd HH:mm:ss'));
INSERT INTO transactions (TXN_ID, USERNAME, RECIPIENT, AMOUNT, TS) VALUES (19, 'Frau Blücher', 'Goodwill', 7.0, FORMAT_TIMESTAMP(FROM_UNIXTIME(UNIX_TIMESTAMP() - (1 * 24 * 60 * 60 * 1000 + 12 * 60 * 1000)),'yyyy-MM-dd HH:mm:ss'));
Set ksqlDB to process data from the beginning of each Kafka topic:
SET 'auto.offset.reset' = 'earliest';
Using the table of suspicious names and stream of transactions, create a new stream of events containing only those transactions that were sent to an account name contained in the suspicious_names table. We can do this by performing an INNER JOIN. In this case the INNER JOIN will couple events in the transaction stream where the RECIPIENT is the same as COMPANY_NAME in the suspicious_names table. The stream created below will continuously be populated by the coupled events emitted by the query.
CREATE STREAM suspicious_transactions
WITH (kafka_topic='suspicious_transactions', partitions=1, value_format='JSON') AS
SELECT T.TXN_ID, T.USERNAME, T.RECIPIENT, T.AMOUNT, T.TS
FROM transactions T
INNER JOIN
suspicious_names S
ON T.RECIPIENT = S.COMPANY_NAME;
|
Stream-Table Joins
Things to note: |
Inspect the new stream.
SELECT TXN_ID, USERNAME, RECIPIENT, AMOUNT
FROM suspicious_transactions
EMIT CHANGES
LIMIT 6;
Note that some of the transactions that we inserted earlier were to companies that are in the suspicious_names table.
+-------------------------+-------------------------+-------------------------+-------------------------+
|TXN_ID |USERNAME |RECIPIENT |AMOUNT |
+-------------------------+-------------------------+-------------------------+-------------------------+
|9900 |Abby Normal |Verizon |22.0 |
|9903 |Abby Normal |Verizon |61.0 |
|9901 |Abby Normal |Spirit Halloween |83.0 |
|9902 |Abby Normal |Spirit Halloween |46.0 |
|9904 |Abby Normal |Spirit Halloween |59.0 |
|7 |Victor von Frankenstein |Verizon |100.0 |
Limit Reached
Query terminated
For this use case, let’s say that a single transaction to one of the companies in the suspicious_names table is probably okay, but multiple transactions to one or more of those companies in a 24-hour period is an anomaly. ksqlDB gives us the ability to see if any anomalies are present for a particular user with the following query. Create the accounts_to_monitor table by copying and pasting the content below into the ksqlDB CLI.
CREATE TABLE accounts_to_monitor
WITH (kafka_topic='accounts_to_monitor', partitions=1, value_format='JSON') AS
SELECT TIMESTAMPTOSTRING(WINDOWSTART, 'yyyy-MM-dd HH:mm:ss Z') AS WINDOW_START, (1)
TIMESTAMPTOSTRING(WINDOWEND, 'yyyy-MM-dd HH:mm:ss Z') AS WINDOW_END,
USERNAME
FROM suspicious_transactions
WINDOW TUMBLING (SIZE 24 HOURS) (2)
GROUP BY USERNAME
HAVING COUNT(*) > 3; (3)1 The fields WINDOW_START and WINDOW_END tell us what interval of time suspicious activity occurred.
2 The WINDOW TUMBLING part of the query allows us to do an aggregation with distinct time boundaries. In this case our window is fixed at a length of 24 hours, does not allow gaps, and does not allow overlapping. Other types of windows are explained in the "Collect data over time" section of Kafka Tutorials. For more in-depth descriptions and visualizations, checkout the ksqlDB documentation about windows.
3 The last two lines of the query address how you would determine if a user had multiple suspicious transactions. This aspect of the query says, in essence, if any user has greater than 3 suspicious transactions in a 24-hour window, emit an event to the accounts_to_monitor table.
The ksqlDB table, and the underlying Kafka topic backing this table, contain a list of accounts against which more than three suspicious transactions have taken place in a 24-hour window.
SELECT *
FROM ACCOUNTS_TO_MONITOR
EMIT CHANGES
LIMIT 1;
The output should look like the following:
+-------------------------+-------------------------+-------------------------+-------------------------+-------------------------+
|USERNAME |WINDOWSTART |WINDOWEND |WINDOW_START |WINDOW_END |
+-------------------------+-------------------------+-------------------------+-------------------------+-------------------------+
|Abby Normal |1666137600000 |1666224000000 |2022-10-19 00:00:00 +0000|2022-10-20 00:00:00 +0000|
Limit Reached
Query terminated
Note that if you were to alter the LIMIT of results to something greater than 1, you would not see any other accounts flagged even though Victor von Frankenstein had a transaction that was flagged as suspicious. If you decided to rerun the query with a new limit, use Ctrl-D to terminate the query.
Events within the Kafka topic accounts_to_monitor can be used to drive monitoring and alerting applications that could take action such as placing a hold on the account, notifying the card holder, etc.
Type 'exit' and hit enter to shutdown the ksqlDB CLI.
Now that you have a series of statements that’s doing the right thing, the last step is to put them into a file so that they can be used outside the CLI session. Create a file at src/statements.sql with the following content that represents the suspicious names (In production, you would likely use Kafka Connect to read the suspicious names from a database into a Kafka topic, and then create a ksqlDB stream for it).
CREATE TABLE suspicious_names (CREATED_TS VARCHAR,
COMPANY_NAME VARCHAR PRIMARY KEY,
COMPANY_ID INT)
WITH (kafka_topic='suspicious_names',
partitions=1,
value_format='JSON',
timestamp='CREATED_TS',
timestamp_format = 'yyyy-MM-dd HH:mm:ss');
CREATE STREAM transactions (TXN_ID BIGINT, USERNAME VARCHAR, RECIPIENT VARCHAR, AMOUNT DOUBLE, TS VARCHAR)
WITH (kafka_topic='transactions',
partitions=1,
value_format='JSON',
timestamp='TS',
timestamp_format = 'yyyy-MM-dd HH:mm:ss');
CREATE STREAM suspicious_transactions
WITH (kafka_topic='suspicious_transactions', partitions=1, value_format='JSON') AS
SELECT T.TXN_ID, T.USERNAME, T.RECIPIENT, T.AMOUNT, T.TS
FROM transactions T
INNER JOIN
suspicious_names S
ON T.RECIPIENT = S.COMPANY_NAME;
CREATE TABLE accounts_to_monitor
WITH (kafka_topic='accounts_to_monitor', partitions=1, value_format='JSON') AS
SELECT USERNAME,
TIMESTAMPTOSTRING(WINDOWSTART, 'yyyy-MM-dd HH:mm:ss Z') AS WINDOW_START,
TIMESTAMPTOSTRING(WINDOWEND, 'yyyy-MM-dd HH:mm:ss Z') AS WINDOW_END
FROM suspicious_transactions
WINDOW TUMBLING (SIZE 24 HOURS)
GROUP BY USERNAME
HAVING COUNT(*) > 3;Create a file at test/input.json with the inputs for testing:
{
"inputs": [
{ "topic": "suspicious_names", "key": "Verizon", "value": { "CREATED_TS": "2019-03-08 00:00:00", "COMPANY_NAME": "Verizon", "COMPANY_ID": 1 } },
{ "topic": "suspicious_names", "key": "Spirit Halloween", "value": { "CREATED_TS": "2019-10-31 00:00:00", "COMPANY_NAME": "Spirit Halloween", "COMPANY_ID": 2 } },
{ "topic": "suspicious_names", "key": "Best Buy", "value": { "CREATED_TS": "2019-12-15 00:00:00", "COMPANY_NAME": "Best Buy", "COMPANY_ID": 3 } },
{ "topic": "transactions", "value": { "TXN_ID": 9900, "USERNAME": "Abby Normal", "RECIPIENT": "Verizon", "AMOUNT": 22.0, "TS": "2020-10-20 13:05:36" } },
{ "topic": "transactions", "value": { "TXN_ID": 12, "USERNAME": "Victor von Frankenstein", "RECIPIENT": "Tattered Cover", "AMOUNT": 7.0, "TS": "2020-10-20 13:07:59" } },
{ "topic": "transactions", "value": { "TXN_ID": 13, "USERNAME": "Frau Blücher", "RECIPIENT": "Peebles", "AMOUNT": 70.0, "TS": "2020-10-20 13:15:00" } },
{ "topic": "transactions", "value": { "TXN_ID": 9903, "USERNAME": "Abby Normal", "RECIPIENT": "Verizon", "AMOUNT": 61.0, "TS": "2020-10-20 13:31:02" } },
{ "topic": "transactions", "value": { "TXN_ID": 9901, "USERNAME": "Abby Normal", "RECIPIENT": "Spirit Halloween", "AMOUNT": 83.0, "TS": "2020-10-20 13:44:41" } },
{ "topic": "transactions", "value": { "TXN_ID": 9902, "USERNAME": "Abby Normal", "RECIPIENT": "Spirit Halloween", "AMOUNT": 46.0, "TS": "2020-10-20 13:44:43" } },
{ "topic": "transactions", "value": { "TXN_ID": 9904, "USERNAME": "Abby Normal", "RECIPIENT": "Spirit Halloween", "AMOUNT": 59.0, "TS": "2020-10-20 13:44:44" } },
{ "topic": "transactions", "value": { "TXN_ID": 6, "USERNAME": "Victor von Frankenstein", "RECIPIENT": "Confluent Cloud", "AMOUNT": 21.0, "TS": "2020-10-20 13:47:51" } },
{ "topic": "transactions", "value": { "TXN_ID": 18, "USERNAME": "Frau Blücher", "RECIPIENT": "Target", "AMOUNT": 70.0, "TS": "2020-10-20 13:52:01" } },
{ "topic": "transactions", "value": { "TXN_ID": 7, "USERNAME": "Victor von Frankenstein", "RECIPIENT": "Verizon", "AMOUNT": 100.0, "TS": "2020-10-20 13:55:06" } },
{ "topic": "transactions", "value": { "TXN_ID": 19, "USERNAME": "Frau Blücher", "RECIPIENT": "Goodwill", "AMOUNT": 7.0, "TS": "2020-10-20 14:12:32" } }
]
}
Create a file at test/output.json with the expected outputs. Notice that because ksqlDB joins its grouping key with the window boundaries, we need to use a bit of extra expression to describe what to expect. We leverage the window key to describe the start and end boundaries that the key represents. Checkout our tutorial on tumbling windows for a more comprehensive explanation.
{
"outputs": [
{
"topic": "suspicious_transactions",
"key": "Verizon",
"value": {
"TXN_ID": 9900,
"USERNAME": "Abby Normal",
"AMOUNT": 22.0,
"TS": "2020-10-20 13:05:36"
}
},
{
"topic": "suspicious_transactions",
"key": "Verizon",
"value": {
"TXN_ID": 9903,
"USERNAME": "Abby Normal",
"AMOUNT": 61.0,
"TS": "2020-10-20 13:31:02"
}
},
{
"topic": "suspicious_transactions",
"key": "Spirit Halloween",
"value": {
"TXN_ID": 9901,
"USERNAME": "Abby Normal",
"AMOUNT": 83.0,
"TS": "2020-10-20 13:44:41"
}
},
{
"topic": "suspicious_transactions",
"key": "Spirit Halloween",
"value": {
"TXN_ID": 9902,
"USERNAME": "Abby Normal",
"AMOUNT": 46.0,
"TS": "2020-10-20 13:44:43"
}
},
{
"topic": "suspicious_transactions",
"key": "Spirit Halloween",
"value": {
"TXN_ID": 9904,
"USERNAME": "Abby Normal",
"AMOUNT": 59.0,
"TS": "2020-10-20 13:44:44"
}
},
{
"topic": "suspicious_transactions",
"key": "Verizon",
"value": {
"TXN_ID": 7,
"USERNAME": "Victor von Frankenstein",
"AMOUNT": 100.0,
"TS": "2020-10-20 13:55:06"
}
},
{
"topic": "accounts_to_monitor",
"key": "Abby Normal",
"window": {
"start": 1603152000000,
"end": 1603238400000,
"type": "time"
},
"value": {
"WINDOW_START": "2020-10-20 00:00:00 +0000",
"WINDOW_END": "2020-10-21 00:00:00 +0000"
},
"timestamp": 1603201483000
},
{
"topic": "accounts_to_monitor",
"key": "Abby Normal",
"window": {
"start": 1603152000000,
"end": 1603238400000,
"type": "time"
},
"value": {
"WINDOW_START": "2020-10-20 00:00:00 +0000",
"WINDOW_END": "2020-10-21 00:00:00 +0000"
},
"timestamp": 1603201484000
}
]
}
Invoke the tests using the ksqlDB test runner and the statements file that you created earlier:
docker exec ksqldb-cli ksql-test-runner -i /opt/app/test/input.json -s /opt/app/src/statements.sql -o /opt/app/test/output.json
Which should pass:
>>> Test passed!
Instead of running a local Kafka cluster, you may use Confluent Cloud, a fully managed Apache Kafka service.
Sign up for Confluent Cloud, a fully managed Apache Kafka service.
After you log in to Confluent Cloud Console, click Environments in the lefthand navigation, click on Add cloud environment, and name the environment learn-kafka. Using a new environment keeps your learning resources separate from your other Confluent Cloud resources.
From the Billing & payment section in the menu, apply the promo code CC100KTS to receive an additional $100 free usage on Confluent Cloud (details). To avoid having to enter a credit card, add an additional promo code CONFLUENTDEV1. With this promo code, you will not have to enter a credit card for 30 days or until your credits run out.
Click on LEARN and follow the instructions to launch a Kafka cluster and enable Schema Registry.
Next, from the Confluent Cloud Console, click on Clients to get the cluster-specific configurations, e.g., Kafka cluster bootstrap servers and credentials, Confluent Cloud Schema Registry and credentials, etc., and set the appropriate parameters in your client application.
Now you’re all set to run your streaming application locally, backed by a Kafka cluster fully managed by Confluent Cloud.