Archive

How do I collect fake data automatically in Splunk?

New Member

hello,

I'm new to Splunk and am using the Splunk Free license. I would like to find a way to collect data automatically, so i can test certain things in Splunk such as how long does it take to ingest certain data, how much storage this data is taking etc. But i have't find the way to collect (fake data) automatically to Splunk.

Is there an easy way to do it on Splunk Enterprise (search and reporting) Please help, thank you in advance!!!

0 Karma
1 Solution

Super Champion

I guess you might need to understand a bit of inputs.conf, props.conf etc. before you do the excercise in my opinion.

Once you understand, then...

  1. Just install splunk. Splunk have quite plenty of data within _internal index of itself. You can get about 50-200MB of data for practise within _internal

  2. If you want to create dummy data, the best module to use is called EventGen. Please find a video1 of it. Eventgen is flexible to any degree and can generate data to giga bytes if you wish.

View solution in original post

0 Karma

Splunk Employee
Splunk Employee

EventGen has been superseded by SimData.

For the purposes of creating volumes of data however, EventGen is probably the way to go 🙂

0 Karma

Super Champion

I had also noted this. But the major issue is SimData requires JVM which may not be available on all systems. But EventGen uses python anyway which is included in Splunk. Again its choice of people.

Super Champion

I guess you might need to understand a bit of inputs.conf, props.conf etc. before you do the excercise in my opinion.

Once you understand, then...

  1. Just install splunk. Splunk have quite plenty of data within _internal index of itself. You can get about 50-200MB of data for practise within _internal

  2. If you want to create dummy data, the best module to use is called EventGen. Please find a video1 of it. Eventgen is flexible to any degree and can generate data to giga bytes if you wish.

View solution in original post

0 Karma

New Member

Thank you so much!!! Both videos are so helpful. however, i already have Splunk installed on Mac computer, but under Data Input it's not showing me the option for "Local Event Log Collection" as it shown on the video. Is there any other option i can use to collect data ? Beside using the EventGen
Thank you!

0 Karma

Super Champion

collection is very simple. Just configure an inputs.conf and put all your files into the directory

0 Karma