All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why is SA-Eventgen not working with Windows?

gamatronics
Engager
‎11-15-2018 01:18 PM

I have scoured the answers on this board, read every tutorial, seen youtube videos, but I'm still not able to get my eventgen to generate any data. Just as context, I'm trying to do the example exercises on the Splunk 7 Essentials book. They describe how to intall SA-Eventgen ant how to install sample files, data files, eventget.conf etc. but it is still not working for me.

I think I'm missing something very basic, according to all the answers. When something goes wrong, you're supposed to look into the log file, or in this case the eventgen log file. I go into Splunk home/var/log/splunk and I don't even see the log file.

On the Splunk query line, I'm using "index=main", but I'm not able to see anything.

Any help I can get will be greatly appreciated. Thanks in advance.

Reply

gjanders
SplunkTrust
SplunkTrust
‎11-22-2018 01:59 PM

Try

index=_internal sourcetype=*eventgen*

I believe eventgen keeps a log in $SPLUNK_HOME/var/log/splunk/eventgen

-
Alerts for Splunk Admins, Version Control for Splunk, Decrypt2 VersionControl For SplunkCloud
0 Karma
Reply

kamlesh_vaghela
SplunkTrust
SplunkTrust
‎11-22-2018 09:28 AM

@gamatronics

I think you have to enable modular input for SA Eventgen.
Go to: Setting->Data inputs » SA-Eventgen and enable eventgen_modinput.

0 Karma
Reply

tangym
New Member
‎11-29-2019 10:42 PM

This works for me thanks

0 Karma
Reply

dauren_akilbeko
Communicator
‎11-15-2018 11:40 PM

What version of Splunk and Eventgen are you using?

0 Karma
Reply

gamatronics
Engager
‎11-16-2018 07:47 AM

Splunk Enterprise 7.2.1
Eventgen 6.3.0, I downloaded it from https://github.com/splunk/eventgen

0 Karma
Reply

dauren_akilbeko
Communicator
‎11-16-2018 08:42 PM

It seems they've changed few things https://github.com/splunk/eventgen/pull/105/commits/0c7102ffb0baec54c88b2d53bd6d68aedcd69b6f

0 Karma
Reply

dauren_akilbeko
Communicator
‎11-16-2018 08:39 PM

Yeah checked it on windows 10, splunk 7.2.1 and eventgen 6.3.1, it doesn't work for me either.

0 Karma
Reply
Get Updates on the Splunk Community!

Observe and Secure All Apps with Splunk

  Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

Splunk Decoded: Business Transactions vs Business IQ

It’s the morning of Black Friday, and your e-commerce site is handling 10x normal traffic. Orders are flowing, ...

Fastest way to demo Observability

I’ve been having a lot of fun learning about Kubernetes and Observability. I set myself an interesting ...