Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to prevent Eventgen from generating duplicates

ttyurina
New Member
‎01-23-2019 05:57 AM

Hi, I´m new to Splunk and Eventgen.
I have a sample with 24 events distributed over 1 day (timestamps from 19.11.2018 00:52:54 till 19.11.2018 23:52:54).
I need to "replay" the entire sample once every day, so that each event has the same time as in the sample (i.e. from 23.01.2019 00:52:54 till 23.01.2019 23:52:54).
It works pretty well with this entry in eventgen.conf:

[exxample.csv]
mode = sample
count = 24
interval = 86400
sampletype = csv
outputMode = splunkstream
token.0.token = \d{2}.\d{2}.\d{4}
token.0.replacementType = timestamp
token.0.replacement = %d.%m.%Y

But when restarting Splunk, Eventgen generates the events again in the same way, so that duplicate events appearing in the index. Can I prevent this with Eventgen configurating? Thank you in advance.

Tags (2)
0 Karma
Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey
Register for .conf25!
Get Updates on the Splunk Community!

.conf25 Global Broadcast: Don’t Miss a Moment

Hello Splunkers, .conf25 is only a click away.  Not able to make it to .conf25 in person? No worries, you can ...

Observe and Secure All Apps with Splunk

 Join Us for Our Next Tech Talk: Observe and Secure All Apps with SplunkAs organizations continue to innovate ...

What's New in Splunk Observability - August 2025

What's New We are excited to announce the latest enhancements to Splunk Observability Cloud as well as what is ...