All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

What the point of using different outputMode in EventGen ?

rendi7936
New Member
‎01-05-2020 07:24 PM

I use tcpout and udpout outputMode with same sample log. As expected, both get same result.
Even, i do not know how to identify which one from tcpout or udpout.

Another case, when i use httpevent outputMode, i should included httpeventServers configuration.
Because, every outputMode have MUST HAVE configuration.

I include valid token in httpeventServers. And it works.
But when i use wrong token in httpeventServers. It works, too.

My question is why EventGen have so many outputMode when we can use only one outputMode to generate eventdata and its result is same like we using another outputMode ?

Tags (2)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

lwu_splunk
Splunk Employee
Splunk Employee
‎01-07-2020 12:35 AM

I do not think httpevent with wrong httpeventServr will work. outputMode is used to send events to different targets. For example if you are using httpvent mode, you are using HEC to send events to Splunk. UDP outputMode is useful when you want to send syslog to splunk via UDP port.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

lwu_splunk
Splunk Employee
Splunk Employee
‎01-07-2020 12:35 AM

I do not think httpevent with wrong httpeventServr will work. outputMode is used to send events to different targets. For example if you are using httpvent mode, you are using HEC to send events to Splunk. UDP outputMode is useful when you want to send syslog to splunk via UDP port.

0 Karma
Reply
Solved! Jump to solution

rendi7936
New Member
‎01-07-2020 01:33 AM

I am pretty sure about it, httpevent also work when using valid or wrong httpeventServers. I say this because i

In this case, i use 2 instance installed with Splunk Enterprise 8.0.1. 1 instance ( SPLUNK8-Eventgen ) installed with Eventgen as Splunk Apps. Another instance ( SPLUNK8 ) have enabled HEC until it shows up the HEC token.

And then, i create eventgen.conf to generate event and sent it to SPLUNK8 by using httpeventServers configuration ( valid HEC token included ).

SPLUNK8 does not receive the generated event. But, the generated event is show up in SPLUNK8-Eventgen.

Even, i use wrong HEC token. This is will happening again. That's why i ask a help in Splunk Answer.

Is it outputMode in Eventgen only work as Python Module only not as Splunk Apps ? or this is a bug ?

0 Karma
Reply
Solved! Jump to solution

lwu_splunk
Splunk Employee
Splunk Employee
‎01-07-2020 04:10 AM

Yes, outputMode only works with Python Module. This is by design since Splunk App is using the modinput outputMode.

0 Karma
Reply
Solved! Jump to solution

lwu_splunk
Splunk Employee
Splunk Employee
‎01-07-2020 04:10 AM

Yes, outputMode only works with Python Module. This is by design since Splunk App is using the modinput outputMode.

0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...