All Apps and Add-ons
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk EventGen not working on Windows 10

masambaghost
Explorer
‎10-15-2019 12:59 PM

Good Day Team,

Did anyone manage to get splunk eventgen working on windows 10?
I have been struggling to get it working on my windows 10 PC using splunk v7.3.2. I want to GIT but didnt get much that I understood could help.
I just wanted to follow through on some practical exercises I was setting up.

Regards,

Tags (1)
0 Karma
Reply

ivanreis
Builder
‎10-15-2019 03:45 PM

please read this link -> https://answers.splunk.com/answers/656711/how-to-install-splunk-eventgen-in-a-windows-enviro.html

Here is the step I took to deploy eventgen to my macbook.

  1. Deployed the eventgen at Splunk
  2. Deployed the Splunk_TA_Windows version 4.8.4 This version has a evengen.conf file at default folder
  3. Create a local folder at evengen app
  4. Copy the eventgen.conf from Splunk_TA_Windows app to eventgen local folder

the key to have your eventgen working properly is to extract the correct data using token.

See below a sample configuration for Windows data.

Use Splunk_TA_Windows/default/inputs.conf sequence

Default replacement for all DhcpSrvLog logs

[sample.DhcpSrvLog]
index = windows
source=c:\windows\system32\dhcp\dhcpsrvlog.log
sourcetype = DhcpSrvLog
interval = 300

Generate all events in sample

count = 0
earliest = -5m
latest = now

replace timestamp 10,07/21/06,19:42:47

token.0.token = ^\d+\,(\d{2}\/\d{2}\/\d{2}\,\d{2}:\d{2}:\d{2})
token.0.replacementType = timestamp
token.0.replacement = %m/%d/%y,%H:%M:%S

0 Karma
Reply

masambaghost
Explorer
‎10-16-2019 02:56 AM

Hello,

Thank you for the prompt response:
Firstly, I tried out this link and installed it as an app but when I run a search string (index=main) I get nothing.
I was following the steps in the book Splunk 7 Essentials religiously but to no avail.

I just want a step by step procedure on installing on a Windows 10 PC.

0 Karma
Reply

ivanreis
Builder
‎10-17-2019 12:14 AM

you have to check if this data was send to other index into splunk.

Please troubleshoot the issue, check the internal index to identify which error messages you are getting. Read the procedure and what the videos at youtube to better assist you. I dont have the procedure for windows pc, I do have the macbook, but I believe the installation process should be the same.

0 Karma
Reply

masambaghost
Explorer
‎10-19-2019 12:11 AM

Thank you for the response @ivanreis. I will do that as soon as I knock off and update

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Announcing Modern Navigation: A New Era of Splunk User Experience

We are excited to introduce the Modern Navigation feature in the Splunk Platform, available to both cloud and ...

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...