
Does Eventgen need to be set up in a special way for a distributed environment?

dmacgillivray
Communicator

All,
I can't find anything on setting up Eventgen for a distributed environment. By the looks of the demo, it would appear that this developer had an all-in-one instance set up. How would I add in Eventgen for my dev environment of 3 search heads and 3 indexers in a distributed dev environment?

I am curious, as it would be really cool to let this data just pass on to my indexers without having to add the app to all of them, especially as it is non-clustered. Perhaps running from a single DB Connect search head forwarding on the events? Not sure how it is supposed to work when it comes to scale of environment.

Any advice would be appreciated, even if it is a statement saying, yes you can add it to just a search head or just an indexer or for that matter an HF? Thanks in advance.

Thanks,
Daniel MacGillivray

0 Karma
1 Solution

sundareshr
Legend

Eventgen does not necessarily have to be run in Splunk. It can be run as an independent app as well. Here's an extract from the online documentation. So you could set this up outside Splunk and stream the data into Splunk, making the Splunk deployment architecture moot.

"... Parameters for setting up outputMode = splunkstream. This is only required if we want to run the eventgen outside of Splunk. As a Splunk App and running as a scripted input, eventgen will gather this information from Splunk itself. Since we'll be running this from the command line for the tutorial, please customize your username and password in the tutorial. ..."

https://github.com/coccyx/eventgen/blob/master/README/Tutorial.md


0 Karma
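
An `eventgen.conf` stanza for the standalone `splunkstream` setup this answer describes, as an added example that is not part of the original post or of the Eventgen documentation. The stanza name, host, index, sourcetype, account name and password are constructed placeholders, and the account is assumed to be a dedicated low-privilege Splunk user created for Eventgen rather than an administrator.

```ini
# eventgen.conf for an Eventgen process running outside Splunk.
# All values below are placeholders made up for this example.

[sample.log]
# Metadata attached to the generated events
index = eventgen_dev
sourcetype = eventgen:sample

# Send events to Splunk over its REST API instead of writing them locally.
outputMode = splunkstream

# Management endpoint of the Splunk instance that receives the stream
splunkHost = splunk-dev.example.internal
splunkPort = 8089
splunkMethod = https

# Credentials sit in this file in clear text, so use an account that can
# only write to the dev index, and keep the file readable only by the
# user that runs Eventgen.
splunkUser = eventgen_svc
splunkPass = REPLACE_WITH_SERVICE_ACCOUNT_PASSWORD
```

Because the stream goes to the management port over REST, the host running Eventgen needs network access to that port on the receiving instance, and nothing has to be installed on the search heads or the other indexers.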


dmacgillivray
Communicator

Thanks sundareshr, as stated by a co-worker in another role I once had: "Always Read the README" 🙂
Glad to know about the stream method; in that situation it would work best for us!

Stream must be similar to how rsyslog would work? I will check it out, and thanks again!

0 Karma

dmacgillivray
Communicator

Ah, the REST API call. Of course. Not like rsyslog at all.

0 Karma