All Apps and Add-ons

Splunk eventgen 6.5.2 folder structure

deodion
Path Finder

I see a lot of changes inside of Splunk Eventgen 6.5.2 (and 7.0.0),
I use sa_eventgen_6.5.2.spl install it via splunk web 8.0.1,
and restart it, I see in index=_internal:

01-06-2020 17:55:29.305 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        INFO     MainProcess {'event': 'All timers have finished, signalling workers to exit.'}

01-06-2020 17:55:29.305 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        INFO     MainProcess {'event': "All timers started, joining queue until it's empty."}

01-06-2020 17:55:29.304 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        INFO     MainProcess {'event': 'No samples found.  Exiting.'}

01-06-2020 17:55:29.196 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'rater.perdayvolume' from 'perdayvolume.py'"}

01-06-2020 17:55:29.196 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/rater/perdayvolume.py'"}

01-06-2020 17:55:29.195 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'rater.config' from 'config.py'"}

01-06-2020 17:55:29.194 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/rater/config.py'"}

01-06-2020 17:55:29.194 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': 'looking for plugin(s) in /opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/rater'}

01-06-2020 17:55:29.193 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.windbag' from 'windbag.py'"}

01-06-2020 17:55:29.192 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/windbag.py'"}

01-06-2020 17:55:29.192 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.weblog' from 'weblog.py'"}

01-06-2020 17:55:29.191 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/weblog.py'"}

01-06-2020 17:55:29.191 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.replay' from 'replay.py'"}

01-06-2020 17:55:29.190 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/replay.py'"}

01-06-2020 17:55:29.189 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.perdayvolumegenerator' from 'perdayvolumegenerator.py'"}

01-06-2020 17:55:29.189 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/perdayvolumegenerator.py'"}

Is that normal?

There are about three "similar" folder I found
/SPLUNK_HOME/etc/apps/SA-Eventgen
/SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen
/SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen/splunk_apps

What is the purpose of them?

there is no explanation about it in documentation,
some say the doc in http://splunk.github.io/eventgen/ is not clear enough, which I also agree,

Perhaps anyone can help to enlight? Thanks

Tags (2)
0 Karma

badr_boukari
Explorer

Hey everyone, 

Please Help! I have the same problem here! 

I configure eventgen.conf to see some logs and it doesn't work .... When i checked "splunkd.log" i can see that the error comes from the script " modinput_eventgen.py "

Screen_Error_modinput_eventgen.PNG

 
 
 
 
 

Thanks in advance.

Best regards.

0 Karma

lwu_splunk
Splunk Employee
Splunk Employee

Thanks for posting that. We already have tickets to track the ERROR log issue you mentioned above.

And the code structure is also need to be clarify when ship as Splunk app. It is caused by historical reason that we need to ship Eventgen as both pip module and Splunk app.

0 Karma

ershishirkumar
Explorer

Hello buddy, could you please help me in this thread ???? I am not getting any solution for this

https://answers.splunk.com/answers/793070/how-to-install-eventgen-and-configure-splunk-butte.html

0 Karma
Get Updates on the Splunk Community!

Exporting Splunk Apps

Join us on Monday, October 21 at 11 am PT | 2 pm ET!With the app export functionality, app developers and ...

Cisco Use Cases, ITSI Best Practices, and More New Articles from Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Build Your First SPL2 App!

Watch the recording now!.Do you want to SPL™, too? SPL2, Splunk's next-generation data search and preparation ...