Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to prevent Eventgen from generating duplicates

ttyurina
New Member
‎01-23-2019 05:57 AM

Hi, I´m new to Splunk and Eventgen.
I have a sample with 24 events distributed over 1 day (timestamps from 19.11.2018 00:52:54 till 19.11.2018 23:52:54).
I need to "replay" the entire sample once every day, so that each event has the same time as in the sample (i.e. from 23.01.2019 00:52:54 till 23.01.2019 23:52:54).
It works pretty well with this entry in eventgen.conf:

[exxample.csv]
mode = sample
count = 24
interval = 86400
sampletype = csv
outputMode = splunkstream
token.0.token = \d{2}.\d{2}.\d{4}
token.0.replacementType = timestamp
token.0.replacement = %d.%m.%Y

But when restarting Splunk, Eventgen generates the events again in the same way, so that duplicate events appearing in the index. Can I prevent this with Eventgen configurating? Thank you in advance.

Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Observability Unlocked: Kubernetes Monitoring with Splunk Observability Cloud

  Ready to master Kubernetes and cloud monitoring like the pros?Join Splunk’s Growth Engineering team for an ...

Wrapping Up Cybersecurity Awareness Month

October might be wrapping up, but for Splunk Education, cybersecurity awareness never goes out of season. ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...