Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I collect fake data automatically in Splunk?

maryamchar
Explorer
‎10-11-2018 10:32 AM

hello,

I'm new to Splunk and am using the Splunk Free license. I would like to find a way to collect data automatically, so i can test certain things in Splunk such as how long does it take to ingest certain data, how much storage this data is taking etc. But i have't find the way to collect (fake data) automatically to Splunk.

Is there an easy way to do it on Splunk Enterprise (search and reporting) Please help, thank you in advance!!!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

koshyk
Super Champion
‎10-11-2018 11:20 AM

I guess you might need to understand a bit of inputs.conf, props.conf etc. before you do the excercise in my opinion.

Once you understand, then...

  1. Just install splunk. Splunk have quite plenty of data within _internal index of itself. You can get about 50-200MB of data for practise within _internal

  2. If you want to create dummy data, the best module to use is called EventGen. Please find a video1 of it. Eventgen is flexible to any degree and can generate data to giga bytes if you wish.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

sduff_splunk
Splunk Employee
Splunk Employee
‎10-11-2018 07:12 PM

EventGen has been superseded by SimData.

For the purposes of creating volumes of data however, EventGen is probably the way to go 🙂

0 Karma
Reply
Solved! Jump to solution

koshyk
Super Champion
‎10-12-2018 02:42 AM

I had also noted this. But the major issue is SimData requires JVM which may not be available on all systems. But EventGen uses python anyway which is included in Splunk. Again its choice of people.

Reply
Solved! Jump to solution
Solution

koshyk
Super Champion
‎10-11-2018 11:20 AM

I guess you might need to understand a bit of inputs.conf, props.conf etc. before you do the excercise in my opinion.

Once you understand, then...

  1. Just install splunk. Splunk have quite plenty of data within _internal index of itself. You can get about 50-200MB of data for practise within _internal

  2. If you want to create dummy data, the best module to use is called EventGen. Please find a video1 of it. Eventgen is flexible to any degree and can generate data to giga bytes if you wish.

0 Karma
Reply
Solved! Jump to solution

maryamchar
Explorer
‎10-11-2018 11:48 AM

Thank you so much!!! Both videos are so helpful. however, i already have Splunk installed on Mac computer, but under Data Input it's not showing me the option for "Local Event Log Collection" as it shown on the video. Is there any other option i can use to collect data ? Beside using the EventGen
Thank you!

0 Karma
Reply
Solved! Jump to solution

koshyk
Super Champion
‎10-12-2018 02:40 AM

collection is very simple. Just configure an inputs.conf and put all your files into the directory

0 Karma
Reply
Get Updates on the Splunk Community!

App Platform's 2025 Year in Review: A Year of Innovation, Growth, and Community

As we step into 2026, it’s the perfect moment to reflect on what an extraordinary year 2025 was for the Splunk ...

Operationalizing Entity Risk Score with Enterprise Security 8.3+

Overview Enterprise Security 8.3 introduces a powerful new feature called “Entity Risk Scoring” (ERS) for ...

Unlock Database Monitoring with Splunk Observability Cloud

  In today’s fast-paced digital landscape, even minor database slowdowns can disrupt user experiences and ...