Hi all, I am trying to get eventgen working. I did a basic troubleshooting test on eventgen by running it from the command line, but it is reporting errors.
[splunk@sh ~]$ cd /opt/splunk/etc/apps/eventgen
[splunk@sh eventgen]$ python bin/eventgen.py -s /opt/splunk/etc/apps/eventgen/local/eventgen.conf
2018-05-14 18:35:07,265 INFO Starting eventgen
2018-05-14 18:35:12,272 INFO Retrieving eventgen configurations with ConfigParser()
2018-05-14 18:35:12,319 INFO Creating timer object for sample 'hp_print_sample.log' in app 'eventgen'
2018-05-14 18:35:12,319 INFO Starting timers
2018-05-14 18:35:12,320 ERROR Exception in sample: hp_print_sample.log
Traceback (most recent call last):
  File "bin/eventgen.py", line 47, in run
    partialInterval = self.sample.gen()
  File "/opt/splunk/etc/apps/eventgen/lib/eventgensamples.py", line 134, in gen
    self._out = Output(self)
  File "/opt/splunk/etc/apps/eventgen/lib/eventgenoutput.py", line 125, in __init__
    self._fileHandle = open(self._file, 'a')
IOError: [Errno 2] No such file or directory: '$SPLUNK_HOME/var/spool/splunk/hp_print_sample.log'
Exception in sample: hp_print_sample.log
Traceback (most recent call last):
  File "bin/eventgen.py", line 47, in run
    partialInterval = self.sample.gen()
  File "/opt/splunk/etc/apps/eventgen/lib/eventgensamples.py", line 134, in gen
    self._out = Output(self)
  File "/opt/splunk/etc/apps/eventgen/lib/eventgenoutput.py", line 125, in __init__
    self._fileHandle = open(self._file, 'a')
IOError: [Errno 2] No such file or directory: '$SPLUNK_HOME/var/spool/splunk/hp_print_sample.log'
This is my eventgen.conf file.
[hp_print_sample.log]
mode = sample
sampletype = raw
interval = 1
earliest = -15s
latest = now
#perDayVolume = 0.5
randomizeEvents = true
randomizeCount = 0.5
disabled = false
hourOfDayRate = { "0": 0.1, "1": 0.1, "2": 0.1, "3": 0.1, "4": 0.2, "5": 0.1, "6": 0.2, "7": 0.3, "8": 0.7, "9": 0.9, "10": 0.7, "11": 0.9, "12": 0.9, "13": 0.9, "14": 0.8, "15": 0.7, "16": 0.8, "17": 0.7, "18": 0.7, "19": 0.5, "20": 0.4, "21": 0.2, "22": 0.1, "23": 0.1 }
dayOfWeekRate = { "0": 0.1, "1": 0.7, "2": 0.8, "3": 0.7, "4": 0.9, "5": 0.7, "6": 0.2 }
outputMode = file
splunkHost = /opt/splunk/etc/apps/eventgen/data/test.log
token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3,6}
token.0.replacementType = timestamp
token.0.replacement = %Y-%m-%d %H:%M:%S,%f
token.1.token = \d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}.\d{3,6}
token.1.replacementType = timestamp
token.1.replacement = %m-%d-%Y %H:%M:%S.%f
token.2.token = \d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}.\d{3,6}
token.2.replacementType = timestamp
token.2.replacement = %d/%b/%Y:%H:%M:%S.%f
token.3.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
token.3.replacementType = timestamp
token.3.replacement = %Y-%m-%d %H:%M:%S
token.4.token = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}
token.4.replacementType = timestamp
token.4.replacement = %Y-%m-%dT%H:%M:%S
When I try to add the hp_print_sample.log file to $SPLUNK_HOME/var/spool/splunk, it automatically deletes the file when I try to add it. What's going on and what can I try to troubleshoot this?
This problem has been solved. splunkHost should be fileName in the eventgen.conf file.
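An added example, not part of the original thread and not eventgen's own code: a small pre-flight check for the mistake resolved above. It flags stanzas that set outputMode = file without a fileName, or that put a file path in splunkHost. The function name lint_eventgen_conf and the trimmed sample stanza are constructed for illustration.

```python
import configparser

# Constructed sample: a trimmed copy of the stanza posted in the question.
SAMPLE_CONF = r"""
[hp_print_sample.log]
mode = sample
outputMode = file
splunkHost = /opt/splunk/etc/apps/eventgen/data/test.log
token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3,6}
token.0.replacementType = timestamp
token.0.replacement = %Y-%m-%d %H:%M:%S,%f
"""


def lint_eventgen_conf(text):
    """Return (stanza, message) findings for stanzas that write to a file."""
    # interpolation=None: strftime patterns such as %Y must not be expanded.
    # delimiters=("=",): token regexes contain ':' which is not a separator here.
    cp = configparser.ConfigParser(interpolation=None, delimiters=("=",), strict=False)
    cp.optionxform = str  # preserve key case so 'fileName' is matched as written
    cp.read_string(text)

    findings = []
    for stanza in cp.sections():
        opts = cp[stanza]
        if opts.get("outputMode", "").strip() != "file":
            continue
        file_name = opts.get("fileName", "").strip()
        host = opts.get("splunkHost", "").strip()
        if not file_name:
            findings.append((stanza, "outputMode = file but fileName is not set"))
        elif "$" in file_name:
            # The traceback above shows open() receiving a literal '$SPLUNK_HOME/...' path.
            findings.append((stanza, "fileName contains an unexpanded variable: " + file_name))
        if "/" in host or "\\" in host:
            findings.append((stanza, "splunkHost looks like a file path; did you mean fileName?"))
    return findings


if __name__ == "__main__":
    for stanza, message in lint_eventgen_conf(SAMPLE_CONF):
        print("[%s] %s" % (stanza, message))
```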