All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

EventGen: Why is the app not appearing to generate events after modifying the .conf file?

rob_lamb
Explorer
‎09-30-2016 12:51 PM

I am trying to run EventGen's tutorial 1 on a Windows host. Generated data is not going to my test index. I have tried modifying the .conf file to:

[search2.csv]
mode = replay
sampletype = csv
timeMultiple = 2
backfill = -15m
#backfillSearch = index=main sourcetype=splunkd
backfillSearch = index=cust1_index sourcetype=eventgen
index = cust1_index
sourcetype = eventgen
#outputMode = stdout
#outputMode = splunkstream
outputMode = modinput
splunkHost = localhost
splunkUser = admin
splunkPass =

When I look at eventgen.log after a reboot all I see is:

2016-09-30 12:26:36,206 INFO module='config' sample='null': Running as Splunk embedded
2016-09-30 12:26:36,503 INFO module='config' sample='null': Retrieving eventgen configurations from /configs/eventgen

When I search _internal for "eventgen" I see the event "Starting EventGen", followed by a series of GET and POST statements.

But no data is going to the index cust1_index.

0 Karma
Reply

jwelch_splunk
Splunk Employee
Splunk Employee
‎10-03-2016 05:33 AM

The eventgen.conf file is the conf file that tells the Eventgen App what to generate. Most TA's come with sample data as well as an eventgen.conf file.

In order for the eventgen.conf file to generate events you would need to download and install the app:

https://github.com/splunk/eventgen

0 Karma
Reply

rob_lamb
Explorer
‎10-03-2016 09:27 AM

I have already downloaded and installed the "master" branch from GIT as the application "SA-Eventgen" per the tutorial instructions I have been using.

0 Karma
Reply
Get Updates on the Splunk Community!

Accelerating Observability as Code with the Splunk AI Assistant

We’ve seen in previous posts what Observability as Code (OaC) is and how it’s now essential for managing ...

Integrating Splunk Search API and Quarto to Create Reproducible Investigation ...

 Splunk is More Than Just the Web Console For Digital Forensics and Incident Response (DFIR) practitioners, ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...