EventGen: Why is the app not appearing to generate events after modifying the .conf file?

rob_lamb
Explorer

I am trying to run EventGen's tutorial 1 on a Windows host. Generated data is not going to my test index. I have tried modifying the .conf file to:

[search2.csv]
mode = replay
sampletype = csv
timeMultiple = 2
backfill = -15m
#backfillSearch = index=main sourcetype=splunkd
backfillSearch = index=cust1_index sourcetype=eventgen
index = cust1_index
sourcetype = eventgen
#outputMode = stdout
#outputMode = splunkstream
outputMode = modinput
splunkHost = localhost
splunkUser = admin
splunkPass =

When I look at eventgen.log after a reboot all I see is:

2016-09-30 12:26:36,206 INFO module='config' sample='null': Running as Splunk embedded
2016-09-30 12:26:36,503 INFO module='config' sample='null': Retrieving eventgen configurations from /configs/eventgen

When I search _internal for "eventgen" I see the event "Starting EventGen", followed by a series of GET and POST statements.

But no data is going to the index cust1_index.

0 Karma

jwelch_splunk
Splunk Employee

The eventgen.conf file is the conf file that tells the Eventgen App what to generate. Most TAs come with sample data as well as an eventgen.conf file.

In order for the eventgen.conf file to generate events you would need to download and install the app:

https://github.com/splunk/eventgen

0 Karma

rob_lamb
Explorer

I have already downloaded and installed the "master" branch from Git as the application "SA-Eventgen" per the tutorial instructions I have been using.

0 Karma