All Apps and Add-ons

Splunk eventgen 6.5.2 folder structure

deodion
Path Finder

I see a lot of changes inside of Splunk Eventgen 6.5.2 (and 7.0.0),
I use sa_eventgen_6.5.2.spl install it via splunk web 8.0.1,
and restart it, I see in index=_internal:

01-06-2020 17:55:29.305 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        INFO     MainProcess {'event': 'All timers have finished, signalling workers to exit.'}

01-06-2020 17:55:29.305 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        INFO     MainProcess {'event': "All timers started, joining queue until it's empty."}

01-06-2020 17:55:29.304 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        INFO     MainProcess {'event': 'No samples found.  Exiting.'}

01-06-2020 17:55:29.196 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'rater.perdayvolume' from 'perdayvolume.py'"}

01-06-2020 17:55:29.196 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/rater/perdayvolume.py'"}

01-06-2020 17:55:29.195 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'rater.config' from 'config.py'"}

01-06-2020 17:55:29.194 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/rater/config.py'"}

01-06-2020 17:55:29.194 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': 'looking for plugin(s) in /opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/rater'}

01-06-2020 17:55:29.193 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.windbag' from 'windbag.py'"}

01-06-2020 17:55:29.192 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/windbag.py'"}

01-06-2020 17:55:29.192 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.weblog' from 'weblog.py'"}

01-06-2020 17:55:29.191 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/weblog.py'"}

01-06-2020 17:55:29.191 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.replay' from 'replay.py'"}

01-06-2020 17:55:29.190 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/replay.py'"}

01-06-2020 17:55:29.189 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.perdayvolumegenerator' from 'perdayvolumegenerator.py'"}

01-06-2020 17:55:29.189 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/perdayvolumegenerator.py'"}

Is that normal?

There are about three "similar" folder I found
/SPLUNK_HOME/etc/apps/SA-Eventgen
/SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen
/SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen/splunk_apps

What is the purpose of them?

there is no explanation about it in documentation,
some say the doc in http://splunk.github.io/eventgen/ is not clear enough, which I also agree,

Perhaps anyone can help to enlight? Thanks

Tags (2)
0 Karma

badr_boukari
Explorer

Hey everyone, 

Please Help! I have the same problem here! 

I configure eventgen.conf to see some logs and it doesn't work .... When i checked "splunkd.log" i can see that the error comes from the script " modinput_eventgen.py "

Screen_Error_modinput_eventgen.PNG

 
 
 
 
 

Thanks in advance.

Best regards.

0 Karma

lwu_splunk
Splunk Employee
Splunk Employee

Thanks for posting that. We already have tickets to track the ERROR log issue you mentioned above.

And the code structure is also need to be clarify when ship as Splunk app. It is caused by historical reason that we need to ship Eventgen as both pip module and Splunk app.

0 Karma

ershishirkumar
Explorer

Hello buddy, could you please help me in this thread ???? I am not getting any solution for this

https://answers.splunk.com/answers/793070/how-to-install-eventgen-and-configure-splunk-butte.html

0 Karma
Get Updates on the Splunk Community!

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud

Introduction to Splunk Observability Cloud - Building a Resilient Hybrid Cloud  In today’s fast-paced digital ...

Observability protocols to know about

Observability protocols define the specifications or formats for collecting, encoding, transporting, and ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...