Splunk eventgen 6.5.2 folder structure

deodion
Path Finder

I see a lot of changes inside of Splunk Eventgen 6.5.2 (and 7.0.0).
I used sa_eventgen_6.5.2.spl, installed it via Splunk Web 8.0.1,
and restarted it. I see in index=_internal:

01-06-2020 17:55:29.305 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        INFO     MainProcess {'event': 'All timers have finished, signalling workers to exit.'}

01-06-2020 17:55:29.305 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        INFO     MainProcess {'event': "All timers started, joining queue until it's empty."}

01-06-2020 17:55:29.304 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        INFO     MainProcess {'event': 'No samples found.  Exiting.'}

01-06-2020 17:55:29.196 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'rater.perdayvolume' from 'perdayvolume.py'"}

01-06-2020 17:55:29.196 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/rater/perdayvolume.py'"}

01-06-2020 17:55:29.195 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'rater.config' from 'config.py'"}

01-06-2020 17:55:29.194 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/rater/config.py'"}

01-06-2020 17:55:29.194 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': 'looking for plugin(s) in /opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/rater'}

01-06-2020 17:55:29.193 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.windbag' from 'windbag.py'"}

01-06-2020 17:55:29.192 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/windbag.py'"}

01-06-2020 17:55:29.192 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.weblog' from 'weblog.py'"}

01-06-2020 17:55:29.191 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/weblog.py'"}

01-06-2020 17:55:29.191 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.replay' from 'replay.py'"}

01-06-2020 17:55:29.190 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/replay.py'"}

01-06-2020 17:55:29.189 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.perdayvolumegenerator' from 'perdayvolumegenerator.py'"}

01-06-2020 17:55:29.189 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/perdayvolumegenerator.py'"}

Is that normal?

There are about three "similar" folders I found:
/SPLUNK_HOME/etc/apps/SA-Eventgen
/SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen
/SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen/splunk_apps

What is the purpose of them?

There is no explanation about it in the documentation;
some say the doc at http://splunk.github.io/eventgen/ is not clear enough, with which I also agree.

Perhaps anyone can help to enlighten? Thanks

0 Karma

badr_boukari
Explorer

Hey everyone, 

Please help! I have the same problem here!

I configured eventgen.conf to see some logs and it doesn't work... When I checked "splunkd.log", I could see that the error comes from the script "modinput_eventgen.py".

Screen_Error_modinput_eventgen.PNG

Thanks in advance.

Best regards.

0 Karma

lwu_splunk
Splunk Employee

Thanks for posting that. We already have tickets to track the ERROR log issue you mentioned above.

And the code structure also needs to be clarified when shipped as a Splunk app. It is caused by the historical reason that we need to ship Eventgen as both a pip module and a Splunk app.

0 Karma
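
The lines quoted in the question carry two severities: the ERROR on the splunkd ExecProcessor wrapper and the level eventgen itself logged (INFO or DEBUG). As an added example (not part of the thread, and not Eventgen or Splunk code), this Python script separates the two so that wrapper-only ERRORs can be told apart from real failures; `parse_line`, `triage` and the last two sample lines are constructed for illustration.

```python
import ast
import re
from collections import Counter

LEVELS = {"DEBUG": 10, "INFO": 20, "WARNING": 30, "ERROR": 40, "CRITICAL": 50}

# splunkd wrapper (timestamp, level, ExecProcessor, command), then the input's own record.
LINE_RE = re.compile(
    r'^\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4} (?P<outer>[A-Z]+)\s+'
    r'ExecProcessor - message from "(?P<cmd>[^"]+)" '
    r'\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<logger>\S+)\s+(?P<inner>[A-Z]+)\s+'
    r'(?P<proc>\S+)\s+(?P<body>.*)$'
)

def parse_line(line):
    """Return wrapper level, embedded level and event text, or None if no match."""
    m = LINE_RE.match(line.strip())
    if m is None:
        return None
    rec = m.groupdict()
    try:
        payload = ast.literal_eval(rec["body"])  # parses literals only, never eval()
    except (ValueError, SyntaxError):
        payload = None
    rec["event"] = payload.get("event") if isinstance(payload, dict) else rec["body"]
    return rec

def triage(lines):
    """Separate lines whose embedded level is a real error from wrapper-only ERRORs."""
    counts, by_level = Counter(), {}
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            counts["unparsed"] += 1
            continue
        # Unknown embedded levels are treated as errors so nothing is hidden.
        real = LEVELS.get(rec["inner"], LEVELS["ERROR"]) >= LEVELS["ERROR"]
        counts["real_error" if real else "wrapper_only"] += 1
        by_level.setdefault(rec["inner"], []).append(rec["event"])
    return counts, by_level

# Wrapper prefix as seen in the thread; the last two sample lines are constructed.
WRAP = ('01-06-2020 17:55:29.304 +0700 ERROR ExecProcessor - message from '
        '"/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" '
        '2020-01-06 17:55:29 eventgen        ')
SAMPLE = [
    WRAP + "INFO     MainProcess {'event': 'No samples found.  Exiting.'}",
    WRAP + "DEBUG    MainProcess {'event': \"Loading module 'generator.replay' from 'replay.py'\"}",
    WRAP + "ERROR    MainProcess {'event': 'constructed failure'}",
    "constructed line that is not modular-input output",
]

if __name__ == "__main__":
    print(triage(SAMPLE))
```
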

ershishirkumar
Explorer

Hello buddy, could you please help me in this thread? I am not getting any solution for this.

https://answers.splunk.com/answers/793070/how-to-install-eventgen-and-configure-splunk-butte.html

0 Karma