Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I collect fake data automatically in Splunk?

maryamchar
Explorer
‎10-11-2018 10:32 AM

hello,

I'm new to Splunk and am using the Splunk Free license. I would like to find a way to collect data automatically, so i can test certain things in Splunk such as how long does it take to ingest certain data, how much storage this data is taking etc. But i have't find the way to collect (fake data) automatically to Splunk.

Is there an easy way to do it on Splunk Enterprise (search and reporting) Please help, thank you in advance!!!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

koshyk
Super Champion
‎10-11-2018 11:20 AM

I guess you might need to understand a bit of inputs.conf, props.conf etc. before you do the excercise in my opinion.

Once you understand, then...

  1. Just install splunk. Splunk have quite plenty of data within _internal index of itself. You can get about 50-200MB of data for practise within _internal

  2. If you want to create dummy data, the best module to use is called EventGen. Please find a video1 of it. Eventgen is flexible to any degree and can generate data to giga bytes if you wish.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

sduff_splunk
Splunk Employee
Splunk Employee
‎10-11-2018 07:12 PM

EventGen has been superseded by SimData.

For the purposes of creating volumes of data however, EventGen is probably the way to go 🙂

0 Karma
Reply
Solved! Jump to solution

koshyk
Super Champion
‎10-12-2018 02:42 AM

I had also noted this. But the major issue is SimData requires JVM which may not be available on all systems. But EventGen uses python anyway which is included in Splunk. Again its choice of people.

Reply
Solved! Jump to solution
Solution

koshyk
Super Champion
‎10-11-2018 11:20 AM

I guess you might need to understand a bit of inputs.conf, props.conf etc. before you do the excercise in my opinion.

Once you understand, then...

  1. Just install splunk. Splunk have quite plenty of data within _internal index of itself. You can get about 50-200MB of data for practise within _internal

  2. If you want to create dummy data, the best module to use is called EventGen. Please find a video1 of it. Eventgen is flexible to any degree and can generate data to giga bytes if you wish.

0 Karma
Reply
Solved! Jump to solution

maryamchar
Explorer
‎10-11-2018 11:48 AM

Thank you so much!!! Both videos are so helpful. however, i already have Splunk installed on Mac computer, but under Data Input it's not showing me the option for "Local Event Log Collection" as it shown on the video. Is there any other option i can use to collect data ? Beside using the EventGen
Thank you!

0 Karma
Reply
Solved! Jump to solution

koshyk
Super Champion
‎10-12-2018 02:40 AM

collection is very simple. Just configure an inputs.conf and put all your files into the directory

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...