Can someone advise on a single Splunk command that can be run in the search bar that will display dummy data? This was demonstrated by an instructor in the past but I can't remember what the command was.
I believe the command you are looking for is scrub.
I attended .Conf last year where an instructor used this command to replace "real data" with dummy information, while keeping the format of the data.
This command comes in useful when wanting to anonymize the data, when passing it on to a 3rd party etc.
I use it when pasting data into 3rd party websites, to work on Regex extractions.
|scrub
Well... scrub can work strangely sometimes.
For example, scrubbing my firewall logs shows that my firewalls do actions:
- allowed
- blocked
- dropped
- mckenzie
🤣
There is also | streambag.
You can use | gentimes, too.
Try this, it'll generate 100 dummy events for you.
| windbag
hi @lukesplunklukesplunk
Did the answer below solve your problem? If so, please resolve this post by approving it!
If your problem is still not solved, keep us updated so that someone else can help ya. Thanks for posting!
Perhaps it was | makeresults?
Thanks for answering but nope, that's not the one I was thinking of.