All Apps and Add-ons

EventGen: Why is the app not appearing to generate events after modifying the .conf file?

rob_lamb
Explorer

I am trying to run EventGen's tutorial 1 on a Windows host. Generated data is not going to my test index. I have tried modifying the .conf file to:

[search2.csv]
mode = replay
sampletype = csv
timeMultiple = 2
backfill = -15m
#backfillSearch = index=main sourcetype=splunkd
backfillSearch = index=cust1_index sourcetype=eventgen
index = cust1_index
sourcetype = eventgen
#outputMode = stdout
#outputMode = splunkstream
outputMode = modinput
splunkHost = localhost
splunkUser = admin
splunkPass =

When I look at eventgen.log after a reboot all I see is:

2016-09-30 12:26:36,206 INFO module='config' sample='null': Running as Splunk embedded
2016-09-30 12:26:36,503 INFO module='config' sample='null': Retrieving eventgen configurations from /configs/eventgen

When I search _internal for "eventgen" I see the event "Starting EventGen", followed by a series of GET and POST statements.

But no data is going to the index cust1_index.

0 Karma

jwelch_splunk
Splunk Employee
Splunk Employee

The eventgen.conf file is the conf file that tells the Eventgen App what to generate. Most TA's come with sample data as well as an eventgen.conf file.

In order for the eventgen.conf file to generate events you would need to download and install the app:

https://github.com/splunk/eventgen

0 Karma

rob_lamb
Explorer

I have already downloaded and installed the "master" branch from GIT as the application "SA-Eventgen" per the tutorial instructions I have been using.

0 Karma
Get Updates on the Splunk Community!

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...

Federated Search for Amazon S3 | Key Use Cases to Streamline Compliance Workflows

Modern business operations are supported by data compliance. As regulations evolve, organizations must ...