Solved: How to stop the eventgen and how to get the number...

chitra · ‎02-10-2015

i want to know the number of events generated by eventgen, is it update this count somewhere in the log file?
On restart of splunkd daemon, eventgen generating the file, how can i stop the eventgen when it reaches to specific event count?

lmyrefelt · ‎02-11-2015

You can stop the eventgen (easiest) by "Disabling" the app under "App management".

To check how many events you have generated:
index=eventGenIndex | stats count

| metadata type=sourcetypes index=eventGenIndex

Not sure you can stop the eventgen after a specific number of events (with out writing a script) ... maybe it is a config question?
docs:

https://github.com/coccyx/eventgen

https://apps.splunk.com/app/1924/#/documentation

View solution in original post

Venkat_16 · ‎09-21-2015

The application can be disabled by commenting the eventgen.conf file with "#".

lmyrefelt · ‎02-11-2015

You can stop the eventgen (easiest) by "Disabling" the app under "App management".

To check how many events you have generated:
index=eventGenIndex | stats count

| metadata type=sourcetypes index=eventGenIndex

Not sure you can stop the eventgen after a specific number of events (with out writing a script) ... maybe it is a config question?
docs:

https://github.com/coccyx/eventgen

https://apps.splunk.com/app/1924/#/documentation

koshyk · ‎03-26-2015

disabling still generates event (i've tried sample tutorial2) 😞

How to stop the eventgen and how to get the number of events generated by eventgen?

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

Index This | What are the 12 Days of Splunk-mas?