- Community
- :
- Splunk Answers
- :
- Apps and Add-ons
- :
- All Apps and Add-ons
- :
- Re: How to increase number of events generated by ...
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I want to increase the events generated by the eventgen app, for example 50k events per minute how can I do this, what config do I need to use. Below is my eventgen.conf feel free to correct me or if theres anything you can suggest kinldy share it to me thanks.
[sample_logs.csv]
mode = sample
sampletype = csv
timeMultiple = 1
backfill = -10m
backfillSearch = index=perf_index sourcetype=st_sample_logs
outputMode = splunkstream
splunkHost = localhost.localdomain
splunkUser = admin
splunkPass = changeme
token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3,6}
token.0.replacementType = timestamp
token.0.replacement = %Y-%m-%d %H:%M:%S,%f
token.1.token = \d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}.\d{3,6}
token.1.replacementType = timestamp
token.1.replacement = %m-%d-%Y %H:%M:%S.%f
token.2.token = \d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}.\d{3,6}
token.2.replacementType = timestamp
token.2.replacement = %d/%b/%Y:%H:%M:%S.%f
token.3.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
token.3.replacementType = timestamp
token.3.replacement = %Y-%m-%d %H:%M:%S
token.4.token = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}
token.4.replacementType = timestamp
token.4.replacement = %Y-%m-%dT%H:%M:%S
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey
Well, as far as I know, there is no specific command to increase the number of events generated by eventgen.
From the description, I can see that you are using sample mode so you can include the interval option in order to generate more events.
interval = <integer>
* Only valid in mode = sample
* How often to generate sample (in seconds).
* 0 means disabled.
* Defaults to 60 seconds.
Right now you are generating events every 60 seconds specify interval = 5 which will generate events every 5 seconds and eventually your events will get increase.
Refer this doc for more info
https://github.com/coccyx/eventgen/blob/master/README/eventgen.conf.spec
let me know if this helps!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey
Well, as far as I know, there is no specific command to increase the number of events generated by eventgen.
From the description, I can see that you are using sample mode so you can include the interval option in order to generate more events.
interval = <integer>
* Only valid in mode = sample
* How often to generate sample (in seconds).
* 0 means disabled.
* Defaults to 60 seconds.
Right now you are generating events every 60 seconds specify interval = 5 which will generate events every 5 seconds and eventually your events will get increase.
Refer this doc for more info
https://github.com/coccyx/eventgen/blob/master/README/eventgen.conf.spec
let me know if this helps!
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for answering, I've added interval = 5 it make event generation faster but it does not reach the 50k events per minute 🙂
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
your events got increased as compared to earlier events? If yes then by what percentage it got increased?
Also, try interval = 1 and see how much it increases.
Enterprise Security Content Updates (ESCU) - New Releases
Thought Leaders are Validating Your Hard Work and Training Rigor
.conf23 Registration is Now Open!
