Archive
Highlighted

Eventgen is not generating any data.

Communicator

Hello dear SPlunkers. I'm trying to generate some access log data in Splunk by Eventgen but I might be doing something wrong.
1) Created "testapp" folder in splunk/etc/apps
2) Have put eventgen in test
app/default/
3) Got some access log samples from Splunk TA Apache

Please find attached screenshots below. Thanks in advance!

0 Karma
Highlighted

Re: Eventgen is not generating any data.

SplunkTrust
SplunkTrust

@damiko

Are you using the latest Eventgen ?? https://splunkbase.splunk.com/app/1924

Can you please check, SA-Eventgen as an input under Settings>Data inputs are enabled?.

see: http://splunk.github.io/eventgen/SETUP.html#Finishing%20the%20Install

0 Karma
Highlighted

Re: Eventgen is not generating any data.

Communicator

Yes, I'm using the latest EvGen and Yes Data inputs are enabled.

0 Karma
Highlighted

Re: Eventgen is not generating any data.

SplunkTrust
SplunkTrust

@damiko

Can you please share your sample events and sample values?

0 Karma
Highlighted

Re: Eventgen is not generating any data.

Communicator

Sure, no problem. However, where do I get sample events? Sorry, new to Splunk 🙂
https://ibb.co/X2RBdN9
https://ibb.co/ynCDcRm

0 Karma
Highlighted

Re: Eventgen is not generating any data.

SplunkTrust
SplunkTrust

From the samples folder. See your screenshot screenshot-89.png .

Highlighted

Re: Eventgen is not generating any data.

Communicator

Please follow the links I've added on my previous comment.

0 Karma
Highlighted

Re: Eventgen is not generating any data.

SplunkTrust
SplunkTrust

@damiko

It would be great if you gave me the first line (As a text) from apacheaccesslog.sample.
:)

Highlighted

Re: Eventgen is not generating any data.

Communicator

Oh, ok. My bad 😄
Please check below:
There are 3 cell symbols before SRC, but they keep being deleted in a comment, not in splunk folder 🙂

SRCIP ### ### SITE ### - ### USER ### 80 [03/May/2016:12:59:05 -0700] "GET /server-status?auto HTTP/1.1" "?auto" 200 871 "-" "### USERAGENT ###" 146 1024 1253

0 Karma
Highlighted

Re: Eventgen is not generating any data.

SplunkTrust
SplunkTrust

Thanks @damiko

Meanwhile can you please check any backend error in splunkd?? Just execute below search/

index="_internal" eventgen ERROR