Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

How do I collect fake data automatically in Splunk?

maryamchar
Explorer
‎10-11-2018 10:32 AM

hello,

I'm new to Splunk and am using the Splunk Free license. I would like to find a way to collect data automatically, so i can test certain things in Splunk such as how long does it take to ingest certain data, how much storage this data is taking etc. But i have't find the way to collect (fake data) automatically to Splunk.

Is there an easy way to do it on Splunk Enterprise (search and reporting) Please help, thank you in advance!!!

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

koshyk
Super Champion
‎10-11-2018 11:20 AM

I guess you might need to understand a bit of inputs.conf, props.conf etc. before you do the excercise in my opinion.

Once you understand, then...

  1. Just install splunk. Splunk have quite plenty of data within _internal index of itself. You can get about 50-200MB of data for practise within _internal

  2. If you want to create dummy data, the best module to use is called EventGen. Please find a video1 of it. Eventgen is flexible to any degree and can generate data to giga bytes if you wish.

View solution in original post

0 Karma
Reply
Solved! Jump to solution

sduff_splunk
Splunk Employee
Splunk Employee
‎10-11-2018 07:12 PM

EventGen has been superseded by SimData.

For the purposes of creating volumes of data however, EventGen is probably the way to go 🙂

0 Karma
Reply
Solved! Jump to solution

koshyk
Super Champion
‎10-12-2018 02:42 AM

I had also noted this. But the major issue is SimData requires JVM which may not be available on all systems. But EventGen uses python anyway which is included in Splunk. Again its choice of people.

Reply
Solved! Jump to solution
Solution

koshyk
Super Champion
‎10-11-2018 11:20 AM

I guess you might need to understand a bit of inputs.conf, props.conf etc. before you do the excercise in my opinion.

Once you understand, then...

  1. Just install splunk. Splunk have quite plenty of data within _internal index of itself. You can get about 50-200MB of data for practise within _internal

  2. If you want to create dummy data, the best module to use is called EventGen. Please find a video1 of it. Eventgen is flexible to any degree and can generate data to giga bytes if you wish.

0 Karma
Reply
Solved! Jump to solution

maryamchar
Explorer
‎10-11-2018 11:48 AM

Thank you so much!!! Both videos are so helpful. however, i already have Splunk installed on Mac computer, but under Data Input it's not showing me the option for "Local Event Log Collection" as it shown on the video. Is there any other option i can use to collect data ? Beside using the EventGen
Thank you!

0 Karma
Reply
Solved! Jump to solution

koshyk
Super Champion
‎10-12-2018 02:40 AM

collection is very simple. Just configure an inputs.conf and put all your files into the directory

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing the 2024 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...

Introducing the 2024 Splunk MVPs!

We are excited to announce the 2024 cohort of the Splunk MVP program. Splunk MVPs are passionate members of ...

Splunk Custom Visualizations App End of Life

The Splunk Custom Visualizations apps End of Life for SimpleXML will reach end of support on Dec 21, 2024, ...