Join the Conversation
- Find Answers
- :
- Splunk Products
- :
- Splunk Enterprise
- :
- Re: Can't get to work on mac
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi there.
Sorry if this turns out to be a dumb error but I really want to get eventgen working on my local Mac install so I can do some tests on some customer data. I installed Splunk Enterprise free trial on my Mac today then I jumped onto the eventgen page and followed the video tutorial. After replaying it a lot of ties as he's going so fast and down't show his file paths in the finder window I eventually got to where he was. However, no data coming in on my side. "There ya go, simple" he says on his side.. Everything should be jsut as the video as I really took my time. What I did differently was change the hostname in the .conf file because mine was coming up as MacBook-Pro.local in Splunk and I put my creds in. Nothing at all coming up though. One thing I have noticed is my $SPLUNK_HOME variable isn't set, not sure if the Splunk install should have done that for me? It's not done anyway. If anyone has the syntax to set that so that it remains after reboot as well that would be good thanks. It's Yosemite. Any ideas gratefully received.
Thanks.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So. I set my path variables with the following:
export PATH=$PATH:/Applications/Splunk/bin/
export SPLUNK_HOME="/Applications/Splunk/"
placed into $HOME/.bash_profile
but it didn't fix my issues. I have, however, got it working but not per the documents in the app. I can get it to work with the sample files AND with a file I exported from a different Splunk install by placing them into the samples and local folder created when installing the eventgen app (eventgen-master these days, doco not updated). Tailing eventgen.log in /Applications/Splunk/var/log/splunk (should be mentioned in doco but isn't) shows it all happening but run it in a different app folder and the log file immediately gets stuck after "INFO Starting timers". Doco says it looks in all app folders for such files so I'll have to investigate again later on. I had set permissions to All apps as well but no go.
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
So. I set my path variables with the following:
export PATH=$PATH:/Applications/Splunk/bin/
export SPLUNK_HOME="/Applications/Splunk/"
placed into $HOME/.bash_profile
but it didn't fix my issues. I have, however, got it working but not per the documents in the app. I can get it to work with the sample files AND with a file I exported from a different Splunk install by placing them into the samples and local folder created when installing the eventgen app (eventgen-master these days, doco not updated). Tailing eventgen.log in /Applications/Splunk/var/log/splunk (should be mentioned in doco but isn't) shows it all happening but run it in a different app folder and the log file immediately gets stuck after "INFO Starting timers". Doco says it looks in all app folders for such files so I'll have to investigate again later on. I had set permissions to All apps as well but no go.
Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!
Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.
[Puzzles] Solve, Learn, Repeat: Matching cron expressions
Design, Compete, Win: Submit Your Best Splunk Dashboards for a .conf26 Pass
May 2026 Splunk Expert Sessions: Security & Observability
