Hello,
I installed eventgen from https://github.com/splunk/eventgen and followed the instructions in this video https://www.youtube.com/watch?v=9S-ZeGEfRKg&feature=youtu.be&hd=1 to the letter:
1- run index=_internal | reverse | fields index, host, source, sourcetype, _raw, _time, then export the results to splunk_internal.csv and rename _internal to main
2- create a new (invisible) app
3- create a samples directory and put my CSV in it
4- add eventgen.conf to the local directory
5- rename the stanza to my file name
6- restart Splunk
7- when I run the search *, all I get is:
Time Event
23/03/17 16:40:08,000
errorCode=400
host = hots34 source = C:\Program Files\Splunk\etc/apps/tado/bin/zone1.py sourcetype = tado:zone
23/03/17 16:40:08,000
errorCode=400
host = hots34 source = C:\Program Files\Splunk\etc/apps/tado/bin/zone0.py sourcetype = tado:zone
Here's my eventgen.conf:
[splunk_internal.csv]
mode = replay
sampletype = csv
timeMultiple = 2
backfill = -15m
backfillSearch = index=main sourcetype=splunkd
# outputMode = stdout   (duplicated key: the outputMode line below overrides it)
outputMode = splunkstream
splunkHost = localhost
splunkUser = admin
# plaintext credential below: restrict read access to this file
splunkPass = changeme
# outputMode = file
# fileName = /tmp/internal.log
token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3,6}
token.0.replacementType = timestamp
token.0.replacement = %Y-%m-%d %H:%M:%S,%f
token.1.token = \d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}.\d{3,6}
token.1.replacementType = timestamp
token.1.replacement = %m-%d-%Y %H:%M:%S.%f
token.2.token = \d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}.\d{3,6}
token.2.replacementType = timestamp
token.2.replacement = %d/%b/%Y:%H:%M:%S.%f
token.3.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
token.3.replacementType = timestamp
token.3.replacement = %Y-%m-%d %H:%M:%S
token.4.token = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}
token.4.replacementType = timestamp
token.4.replacement = %Y-%m-%dT%H:%M:%S
Thank you!
PS. I'm running this on Windows 10, Splunk Enterprise 6.5.
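Added example, not code from the post or from the eventgen project: a small Python 3 checker for the kind of eventgen.conf shown above. It parses a cut-down copy of the config (constructed here, keeping the duplicated outputMode key and two of the timestamp tokens), reports the duplicate and the value that actually takes effect (Python's non-strict ConfigParser keeps the last one), checks that the CSV export carries the six columns the search in step 1 selects, and counts which timestamp tokens match each sample row's _raw. The two CSV rows, the file paths and the assumption that eventgen's csv sampletype needs all six columns are constructed assumptions, not facts from the thread.

```python
import configparser
import csv
import io
import re

# Constructed stand-ins, not files from the post: a cut-down eventgen.conf that
# keeps the duplicated outputMode and two of the timestamp tokens, and a two-row
# CSV in the column layout the export search produces (assumed layout).
EVENTGEN_CONF = r"""
[splunk_internal.csv]
mode = replay
sampletype = csv
outputMode = stdout
outputMode = splunkstream
splunkHost = localhost
token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3,6}
token.0.replacementType = timestamp
token.0.replacement = %Y-%m-%d %H:%M:%S,%f
token.1.token = \d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}.\d{3,6}
token.1.replacementType = timestamp
token.1.replacement = %m-%d-%Y %H:%M:%S.%f
"""

SAMPLE_CSV = r"""index,host,source,sourcetype,_raw,_time
main,hots34,C:\Program Files\Splunk\var\log\splunk\splunkd.log,splunkd,"03-23-2017 16:40:08.123 +0100 INFO  TailReader - Batch input finished reading file",1490283608
main,hots34,C:\Program Files\Splunk\var\log\splunk\python.log,splunk_python,"2017-03-23 16:40:09,456 INFO    setup - starting",1490283609
"""

# Columns the export search in the post selects; assumed (not confirmed by the
# thread) to be what eventgen's csv sampletype needs for replay.
REQUIRED_COLUMNS = ("index", "host", "source", "sourcetype", "_raw", "_time")


def find_duplicate_options(conf_text):
    """Return (section, option) of the first duplicated key, or None.
    A strict ConfigParser refuses duplicates; a non-strict one keeps the last."""
    strict = configparser.ConfigParser(interpolation=None, strict=True)
    try:
        strict.read_string(conf_text)
    except configparser.DuplicateOptionError as err:
        return (err.section, err.option)  # option name is lower-cased by ConfigParser
    return None


def load_stanza(conf_text, name):
    """Parse the way a lenient reader would (last duplicate wins) and return the
    stanza as a dict with lower-cased keys. interpolation=None keeps %Y etc. literal."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.read_string(conf_text)
    return dict(parser[name])


def missing_columns(csv_text, required=REQUIRED_COLUMNS):
    """List the required CSV header columns that are absent from the sample."""
    reader = csv.DictReader(io.StringIO(csv_text))
    header = reader.fieldnames or []
    return [col for col in required if col not in header]


def token_regexes(stanza):
    """Collect and compile every token.N.token pattern in the stanza."""
    regexes = {}
    for key, value in stanza.items():
        match = re.fullmatch(r"token\.(\d+)\.token", key)
        if match:
            regexes[int(match.group(1))] = re.compile(value)
    return regexes


def token_hits(stanza, csv_text):
    """Count, per token, how many sample rows its regex matches in _raw, and how
    many rows no token touches (their raw text keeps the original timestamp)."""
    regexes = token_regexes(stanza)
    hits = {idx: 0 for idx in regexes}
    unmatched = 0
    for row in csv.DictReader(io.StringIO(csv_text)):
        raw = row.get("_raw", "")
        matched = False
        for idx, regex in regexes.items():
            if regex.search(raw):
                hits[idx] += 1
                matched = True
        if not matched:
            unmatched += 1
    return hits, unmatched


def main():
    dup = find_duplicate_options(EVENTGEN_CONF)
    if dup:
        print("duplicate key %s in [%s]: the last value wins" % (dup[1], dup[0]))
    stanza = load_stanza(EVENTGEN_CONF, "splunk_internal.csv")
    print("effective outputMode:", stanza["outputmode"])
    print("missing CSV columns:", missing_columns(SAMPLE_CSV))
    hits, unmatched = token_hits(stanza, SAMPLE_CSV)
    print("token hits per row:", hits, "rows no token matched:", unmatched)


if __name__ == "__main__":
    main()
```

Run it against your real eventgen.conf and samples/splunk_internal.csv by swapping the two constructed strings for file reads; a row count under "no token matched" is the first thing to look at when replayed events land at the wrong time, and the duplicate-key report tells you which outputMode is actually in effect.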
# outputMode = file
# fileName = /tmp/internal.log
Uncomment those... then it will output to your file named internal.log.