Hello,
I'm new to Splunk and am using the Splunk Free license. I would like to find a way to collect data automatically, so I can test certain things in Splunk, such as how long it takes to ingest certain data, how much storage this data takes, etc. But I haven't found a way to collect (fake) data automatically into Splunk.
Is there an easy way to do it on Splunk Enterprise (Search and Reporting)? Please help, thank you in advance!!!
I guess you might need to understand a bit of inputs.conf, props.conf, etc. before you do the exercise, in my opinion.
Once you understand, then...
Just install Splunk. Splunk has plenty of data within its own _internal index. You can get about 50-200MB of data for practise within _internal.
If you want to create dummy data, the best module to use is called EventGen. Please find a video of it. EventGen is flexible to any degree and can generate gigabytes of data if you wish.
I had also noted this. But the major issue is that SimData requires a JVM, which may not be available on all systems. But EventGen uses Python anyway, which is included in Splunk. Again, it's people's choice.
Thank you so much!!! Both videos are so helpful. However, I already have Splunk installed on a Mac computer, but under Data Input it's not showing me the option for "Local Event Log Collection" as shown in the video. Is there any other option I can use to collect data, besides using EventGen?
Thank you!
Collection is very simple. Just configure an inputs.conf and put all your files into the directory.
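
An added example, not part of the original thread or any poster's code: a small generator that writes constructed sshd-style events into a file that a monitor input in inputs.conf can watch, and returns the byte count so it can be compared with what Splunk reports after indexing. The path, index, sourcetype, host name, users and addresses are assumptions chosen for illustration.

```python
# Added example. Matching inputs.conf stanza (path/index/sourcetype are assumptions):
#   [monitor:///tmp/splunk_fake/auth.log]
#   sourcetype = linux_secure
#   index = main
#   disabled = false
import os
import random
from datetime import datetime, timedelta

USERS = ["alice", "bob", "svc_backup", "root"]            # constructed sample values
SOURCES = ["192.0.2.10", "198.51.100.7", "203.0.113.45"]  # RFC 5737 documentation ranges


def make_event(ts, rng):
    """Return one sshd-style line; roughly 1 in 4 events is a failed login."""
    user = rng.choice(USERS)
    src = rng.choice(SOURCES)
    outcome = "Failed" if rng.random() < 0.25 else "Accepted"
    return (f"{ts:%b %d %H:%M:%S} testhost sshd[{rng.randint(1000, 9999)}]: "
            f"{outcome} password for {user} from {src} "
            f"port {rng.randint(1024, 65535)} ssh2")


def generate(path, count, start=None, seed=0):
    """Append `count` events one second apart; return (events, bytes) written."""
    rng = random.Random(seed)  # fixed seed makes test runs repeatable
    start = start or datetime.now() - timedelta(seconds=count)
    os.makedirs(os.path.dirname(path) or ".", exist_ok=True)
    written = 0
    # newline="\n" keeps the byte count identical on every platform
    with open(path, "a", encoding="utf-8", newline="\n") as fh:
        for i in range(count):
            line = make_event(start + timedelta(seconds=i), rng) + "\n"
            fh.write(line)
            written += len(line.encode("utf-8"))
    return count, written


if __name__ == "__main__":
    n, size = generate("/tmp/splunk_fake/auth.log", 10000)
    # Compare `size` with the indexed volume Splunk reports for this source.
    print(f"wrote {n} events, {size} bytes")
```

Running it repeatedly appends to the same file, so the monitor input picks up only the new lines each time.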