Eventgen: Unable to generate multiple output files...

conaku · ‎11-19-2019

I want to generate multiple output files with defined size using the "fileMaxBytes" and "fileBackupFiles" parameters but these parameters are not working for me. Please suggest.
Here is the configuration file that I have developed:

[global]
generatorWorkers = 10
threading = process
#threading = thread


[wls_day-01_1v.sample]
mode=sample
sampleDir = /root/ashish/cybersecurity/splunk_eventgen/eventgen/lanl_datagen
sampletype = csv
hourOfDayRate = { "0": 0.30, "1": 0.10, "2": 0.05, "3": 0.10, "4": 0.15, "5": 0.25, "6": 0.35, "7": 0.50, "8": 0.60, "9": 0.65, "10": 0.70, "11": 0.75, "12": 0.77, "13": 0.80, "14": 0.82, "15": 0.85, "16": 0.87, "17": 0.90, "18": 0.95, "19": 1.0, "20": 0.85, "21": 0.70, "22": 0.60, "23": 0.45 }
dayOfWeekRate = { "0": 0.55, "1": 0.97, "2": 0.95, "3": 0.90, "4": 0.97, "5": 1.0, "6": 0.99 }
randomizeCount = 0.2

interval = 3
#earliest = -1s
#latest = now

outputMode = file
fileName = /nvme_data5/Event1V.log
fileMaxBytes = 10485760
fileBackupFiles = 5
count = 1000

token.0.token = \d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2},
token.0.replacementType = timestamp
token.0.replacement = %m/%d/%Y %H:%M:%S,

token.1.token = (12345)
token.1.replacementType = integerid
token.1.replacement = 1000

token.2.token = (4688)
token.2.replacementType = file
token.2.replacement = /root/ashish/cybersecurity/splunk_eventgen/eventgen/lanl_datagen/eventId.sample

Eventgen: Unable to generate multiple output files with defined size

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?