
Does Eventgen need to be set up in a special way for a distributed environment?

dmacgillivray
Communicator

All,
I can't find anything on setting up eventgen for a distributed environment. By the looks of the demo, it would appear that this developer had an all-in-one instance set up. How would I add in eventgen for my dev environment of 3 search heads and 3 indexers in a distributed dev environment?

I am curious, as it would be really cool to let this data just pass on to my indexers without having to add the app to all of them, especially as it is non-clustered. Perhaps running from a single DB Connect search head forwarding on the event? Not sure how it is supposed to work when it comes to scale of environment?

Any advice would be appreciated, even if it is a statement saying, yes you can add it to just a search head or just an indexer or for that matter an HF? Thanks in advance.

Thanks,
Daniel MacGillivray

0 Karma

sundareshr
Legend

Eventgen does not necessarily have to be run in Splunk. It can be run as an independent app as well. Here's an extract from the online documentation. So you could set this up outside Splunk and stream the data into Splunk, making the Splunk deployment architecture moot.

"... Parameters for setting up outputMode = splunkstream. This is only required if we want to run the eventgen outside of Splunk. As a Splunk App and running as a scripted input, eventgen will gather this information from Splunk itself. Since we'll be running this from the command line for the tutorial, please customize your username and password in the tutorial. ..."

https://github.com/coccyx/eventgen/blob/master/README/Tutorial.md


0 Karma
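
The stand-alone set-up described in the answer above, as an added example that is not part of the original post or the Eventgen documentation: an `eventgen.conf` stanza that streams to Splunk over the REST management port. The stanza name, host, account, password and index are placeholders; a dedicated low-privilege account and HTTPS are assumed rather than the admin login over plain HTTP.

```ini
# eventgen.conf, read by Eventgen when it is run from the command line
# outside Splunk. All values below are placeholders for illustration.

# The stanza name must match a sample file in Eventgen's samples directory.
[sample.tutorial1]

# Send events to Splunk through the REST API instead of relying on a
# scripted input inside a Splunk instance.
outputMode = splunkstream

# Splunk instance that receives the stream (management port, not the web UI).
splunkHost = idx1.dev.example.com
splunkPort = 8089

# Use TLS so the credentials below are not sent in clear text.
splunkMethod = https

# Dedicated account for Eventgen rather than an administrator login.
splunkUser = eventgen_svc
splunkPass = <password-for-eventgen_svc>

# Keep generated data in its own index so it is easy to separate from
# real events and to delete later.
index = eventgen_dev
```

Because this file holds a password in clear text, restrict read access to the account that runs Eventgen and keep the file out of version control.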

dmacgillivray
Communicator

Thanks Sundareshr. As stated by a co-worker in another role I once had, "Always Read the README" 🙂
Glad to know about the stream method; in that situation it would work best for us!

Stream must be similar to how rsyslog would work? I will check it out and thanks again!!

0 Karma

dmacgillivray
Communicator

Ah, the REST API call. Of course. Not like rsyslog at all.

0 Karma