Eventgen one line at a time

jadengoho
Builder

Hi All,
I want to generate logs line by line.
After the first line is generated, it will wait for 60 seconds before generating the second line.

529 29/03/20 12:49:13 000002
CASH WITHDRAWAL  0,0000.00  ALL
0000000000*******910
 12:49:35 TRANSACTION END
*461*03/29/2020*12:49*
     *PRIMARY CARD READER ACTIVATED*
*462*03/29/2020*18:39*
     *TRANSACTION START*
 CARD INSERTED
CARD: ************1806
DATE 29-03-20    TIME 18:39:07
 18:39:08 ATR RECEIVED T=0
 18:39:15 PIN ENTERED
 18:39:17 OPCODE = B   A DB
 18:39:18 GENAC 1 : ARQC
 18:39:20 GENAC 2 : TC
----------
530 29/03/20 18:39:30 000001
BALANCE INQUIRY   ALL
0000000000*******806
 18:39:33 CARD TAKEN
 18:39:38 TRANSACTION END
*463*03/29/2020*18:39*
     *PRIMARY CARD READER ACTIVATED*
*464*03/29/2020*23:36*
     *PRIMARY CARD READER ACTIVATED*
*465*03/30/2020*06:13*
     *TRANSACTION START*
 CARD INSERTED
CARD: ************4417
DATE 30-03-20    TIME 06:13:45
 06:13:46 ATR RECEIVED T=0
 06:13:53 PIN ENTERED
 06:14:07 OPCODE = A   A DB
 06:14:23 NOTES STACKED
 06:14:25 CARD TAKEN

Sample:

529 29/03/20 12:49:13 000002 - will wait another 60 seconds before next line
CASH WITHDRAWAL 0,0000.00 ALL - will wait another 60 seconds before next line
0000000000*******910 - will wait another 60 seconds before next line
 12:49:35 TRANSACTION END - will wait another 60 seconds before next line

Hope you get my point.


jadengoho
Builder

Hi All,
I tried everything I can to generate logs one line at a time, but unfortunately Splunk eventgen doesn't have that function.
I ended up adding it line by line on the Windows desktop.

I hope a future version of Splunk eventgen can generate this kind of situation.
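
The manual workaround described above can be scripted outside Eventgen. This is an added example, not part of the original post and not Eventgen code: it appends a journal to a file one line at a time with a fixed pause between lines, so that a file monitor input sees each line arrive separately. The output file name `atm_journal.log` and the function names are assumptions.

```python
import os
import time
from typing import Callable, Iterable, Iterator

# Constructed sample: the first transaction footer from the journal in the question.
SAMPLE_JOURNAL = """\
529 29/03/20 12:49:13 000002
CASH WITHDRAWAL  0,0000.00  ALL
0000000000*******910
 12:49:35 TRANSACTION END
"""


def journal_lines(text: str) -> Iterator[str]:
    """Yield non-empty lines, keeping leading spaces (they are part of the format)."""
    for line in text.splitlines():
        if line.strip():
            yield line


def replay(lines: Iterable[str], out_path: str, delay: float = 60.0,
           sleep: Callable[[float], None] = time.sleep) -> int:
    """Append lines to out_path one at a time, pausing `delay` seconds between them.

    Each line is flushed and synced to disk before the pause, so a process
    tailing the file sees it immediately. Returns the number of lines written.
    """
    written = 0
    # newline="\n" keeps line endings identical on Windows and Linux.
    with open(out_path, "a", encoding="utf-8", newline="\n") as out:
        for line in lines:
            if written:
                sleep(delay)  # pause between lines, not before the first one
            out.write(line + "\n")
            out.flush()
            os.fsync(out.fileno())
            written += 1
    return written


if __name__ == "__main__":
    # Hypothetical output path; point a file monitor input at this file.
    count = replay(journal_lines(SAMPLE_JOURNAL), "atm_journal.log", delay=60.0)
    print(f"wrote {count} lines")
```

How the separately arriving lines are grouped into events still depends on the line-breaking settings of the sourcetype assigned to the file.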
