Hi there.
Sorry if this turns out to be a dumb error but I really want to get eventgen working on my local Mac install so I can do some tests on some customer data. I installed Splunk Enterprise free trial on my Mac today then I jumped onto the eventgen page and followed the video tutorial. After replaying it a lot of times as he's going so fast and doesn't show his file paths in the finder window I eventually got to where he was. However, no data coming in on my side. "There ya go, simple" he says on his side. Everything should be just as the video as I really took my time. What I did differently was change the hostname in the .conf file because mine was coming up as MacBook-Pro.local in Splunk and I put my creds in. Nothing at all coming up though. One thing I have noticed is my $SPLUNK_HOME variable isn't set, not sure if the Splunk install should have done that for me? It's not done anyway. If anyone has the syntax to set that so that it remains after reboot as well that would be good thanks. It's Yosemite. Any ideas gratefully received.
Thanks.
So. I set my path variables with the following:
export PATH=$PATH:/Applications/Splunk/bin/
export SPLUNK_HOME="/Applications/Splunk/"
placed into $HOME/.bash_profile
but it didn't fix my issues. I have, however, got it working but not per the documents in the app. I can get it to work with the sample files AND with a file I exported from a different Splunk install by placing them into the samples and local folder created when installing the eventgen app (eventgen-master these days, doco not updated). Tailing eventgen.log in /Applications/Splunk/var/log/splunk (should be mentioned in doco but isn't) shows it all happening but run it in a different app folder and the log file immediately gets stuck after "INFO Starting timers". Doco says it looks in all app folders for such files so I'll have to investigate again later on. I had set permissions to All apps as well but no go.