Install Network Observability and Loki Operator 5.6.  Make sure you are getting flows in Observe > Network Traffic.

Now install AMQ Streams to add Kafka.  Create a Kafka topic and Kafka cluster.

Edit the FlowCollector YAML to change the deploymentModel to KAFKA from DIRECT.

At this point, it appears you are done.  If you go to Observe > Network Traffic, you will see flows, but what you may not realize is that no new flows are coming in.  There are no errors in flowlogs pipeline to indicate that something is wrong.  Hence, I am considering this a bug.

—

The problem is that upon adding Kafka, the flowlogs pipeline pods are restarted and the service account name changes from flowlogs-pipeline to flowlogs-pipeline-transformer.  When a LokiStack resource was created, it created a cluster role binding to give it access to Loki using the service account name, but now it's out of sync.  A workaround is to recreate the cluster role binding using the new service account name.

It would be best if the service account name did not change depending on whether you use Kafka or not.