Installation

SA-Eventgen doesn't work?

laiyongmao
Path Finder

hi,all
i downloaded from https://github.com/splunk/eventgen/tree/bigdev ,i installed eventgen ,but it doesn't work,i don't what should i do?
it just three indexes in generating data,otheres doesn't change.i try to follow the process operation。

You can easily run these examples by hand. In fact, for testing purposes, I almost always change outputMode = file (you can see it commented out in most of the tutori
als) and run the eventgen by hand to make sure my substitutions are setup correctly. In this case, assuming you've customized the tutorial file for your splunk host,
username and password, lets run the tutorial and see it replay these events. From the base directory of the eventgen:
python bin/eventgen.py README/eventgen.conf.tutorial1

but:
[root@localhost SA-Eventgen]# python bin/eventgen.py README/eventgen.conf.tutorial1
Traceback (most recent call last):
File "bin/eventgen.py", line 21, in
from eventgenconfig import Config
File "/opt/splunk/etc/apps/SA-Eventgen/lib/eventgenconfig.py", line 14, in
from eventgensamples import Sample
File "/opt/splunk/etc/apps/SA-Eventgen/lib/eventgensamples.py", line 14, in
from eventgenoutput import Output
File "/opt/splunk/etc/apps/SA-Eventgen/lib/eventgenoutput.py", line 5, in
import httplib, httplib2
ImportError: No module named httplib2

i don't know wth,who can help me or tell me the url for download the SA-Eventgen.

Tags (1)

fortiwhall
Explorer

I had the same problem and followed the instructions here and it helped me get Eventgen up and running. I love this tool!

In short, I downloaded httplib2 2.0.8, unpacked it, then ran the $ python setup.py install command from that directory.

coleman07
Path Finder

You need to install the python library httplib2. To do that, run the command
"pip install httplib2"

Here is a link to httplib2:

https://github.com/jcgregorio/httplib2

Here is a link to how to install pip on redhat/centos

http://www.cyberciti.biz/faq/debian-ubuntu-centos-rhel-linux-install-pipclient

0 Karma
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...