Hello fellow Splunkers,

I'm using Splunk Eventgen for simulating some data records that are required to test certain queries. I want to generate 1000 events (each event corresponds to a unique service Id represented using a field svcId) in an interval of 5 minutes. Therefore I expect 1000 svcIds to be generated every 5minutes with one and only one event per svcId in each 5 minute interval. However when I implemented this using a sample app with the required eventgen.conf and a sample record I see that there are 3 records  generated per svcId within every 5 minute interval . 

Based on the data observed from the logs in the eventgen code , I think modinput code is spawning three threads by default and each thread is generating data independently based on the eventgent.conf inputs. I have played around with some of the other settings in the eventgen.conf like maxIntervalsBeforeFlush, maxQueueSize, delay etc , but so far unsuccessful .Not sure what am I doing wrong here.

Appreciate the help from the gurus here , who can help me understand what is being done wrong here. Thanks .

Below are the configurations that I use for my test app

eventgen.conf

[seo]
sampletype = csv
interval = 300
count = 1000
outputMode = splunkstream

token.0.token = (timeRecorded=\d+)000,
token.0.replacementType = timestamp
token.0.replacement = %s

token.1.token = (svcId=\d+)
token.1.replacementType = integerid
token.1.replacement = 1000

token.2.token = lag-105:355.(\d+)
token.2.replacementType = integerid
token.2.replacement = 1000

token.3.token = (policerId=2)
token.3.replacementType = static
token.3.replacement = 2

token.4.token = (timeCaptured=\d+)000,
token.4.replacementType = timestamp
token.4.replacement = %s

token.5.token = (allOctetsDropped=\d+)
token.5.replacementType = static
token.5.replacement = 0

token.6.token = (allOctetsForwarded=\d+),
token.6.replacementType = random
token.6.replacement = integer[1000000:9999999]

token.7.token = (allOctetsOffered=\d+),
token.7.replacementType = static
token.7.replacement = 0

Sample file (seo)

index,host,source,sourcetype,"_raw"
"main","test_host2","test_source","test_src_type","timeRecorded=1611533616000,svcId=13088157,0,lag-105:355.1513,policerId=2,timeCaptured=1611535424000,,,,,allOctetsDropped=0,allOctetsForwarded=2924133555698,allOctetsOffered=292713155698,,,,,minimal"