All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to Set Varying Limit of Events Generated per Hour in SA-Eventgen to Emulate a Pattern from 1 Line of Sample?

Amusthofa
Explorer
‎02-11-2020 12:40 AM

Hi, Folks.

Say, I have a file with 1 line of sample text. My goal is to emulate patterns like this:

1 AM = 10 events
2 AM = 10 events
3 AM = 15 events
4 AM = 20 events
...
1 PM = 1000 events
2 PM = 1200 events
3 PM = 700 events
4 PM = 300 events
...

and so forth.

I understand that I can use the likes of minuteOfHourRate, hourOfDayRate, etc to have this kind of pattern IF I have sample files with multiple lines of sample event in it.

Is it possible to do the same if I only have 1 line in my sample file? Please advise.

Thank you.

Tags (1)
0 Karma
Reply

lwu_splunk
Splunk Employee
Splunk Employee
‎02-12-2020 04:17 AM

It should be fine to get it work though I have not tested it. But why do you provide only one line sample file, it is not hard to provide a multiple lines sample file.

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...