Solved: Is there an easy way to create fake data?

sboogaar · ‎10-25-2022

I am making a test in python where I want to validate if an ITSI kpi works as expected.

Lets say I have an index called alerts

And I want the following data in the index, because it should trigger an alert

{"alert":"true", "time":"1666702756"}

I know there is a splunk event gen application but it feels to big to add a simple line, what is the most simple way to add an event to an index? For example is it possible to do with an api call? I tried looking around but could not find a good example, for something that feels very trivial.

Note: we can not use the splunk python sdk as we use a custom proxy/url and the python sdk does not support any custom urls. We are able to run queries with our own python script so if it is possible with a spl query that is fine to.

johnhuang · ‎10-25-2022

| makeresults | eval _raw="{\"alert\":\"true\", \"time\":\"".now()."\"}"
| collect index=<index_name> source=<source_name> sourcetype=<source_type> output_format=raw

View solution in original post

johnhuang · ‎10-25-2022

| makeresults | eval _raw="{\"alert\":\"true\", \"time\":\"".now()."\"}"
| collect index=<index_name> source=<source_name> sourcetype=<source_type> output_format=raw

ITWhisperer · ‎10-25-2022

Have you looked at the collect command with output_format="hec" as you might be able to use it to create JSON events in the index for you?

Is there an easy way to create fake data?

Congratulations to the 2025-2026 SplunkTrust!

[Puzzles] Solve, Learn, Repeat: Nested loops in Event Conversion

Your Guide to Splunk Digital Experience Monitoring

Join the Conversation

Is there an easy way to create fake data?

Congratulations to the 2025-2026 SplunkTrust!

[Puzzles] Solve, Learn, Repeat: Nested loops in Event Conversion

Your Guide to Splunk Digital Experience Monitoring