Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to prevent Eventgen from generating duplicates

ttyurina
New Member
‎01-23-2019 05:57 AM

Hi, I´m new to Splunk and Eventgen.
I have a sample with 24 events distributed over 1 day (timestamps from 19.11.2018 00:52:54 till 19.11.2018 23:52:54).
I need to "replay" the entire sample once every day, so that each event has the same time as in the sample (i.e. from 23.01.2019 00:52:54 till 23.01.2019 23:52:54).
It works pretty well with this entry in eventgen.conf:

[exxample.csv]
mode = sample
count = 24
interval = 86400
sampletype = csv
outputMode = splunkstream
token.0.token = \d{2}.\d{2}.\d{4}
token.0.replacementType = timestamp
token.0.replacement = %d.%m.%Y

But when restarting Splunk, Eventgen generates the events again in the same way, so that duplicate events appearing in the index. Can I prevent this with Eventgen configurating? Thank you in advance.

Tags (2)
0 Karma
Reply
Get Updates on the Splunk Community!

New Release | Splunk Cloud Platform 10.1.2507

Hello Splunk Community!We are thrilled to announce the General Availability of Splunk Cloud Platform 10.1.2507 ...

🌟 From Audit Chaos to Clarity: Welcoming Audit Trail v2

🗣 You Spoke, We Listened  Audit Trail v2 wasn’t written in isolation—it was shaped by your voices.  In ...

Splunk New Course Releases for a Changing World

Every day, the world feels like it’s moving faster with new technological breakthroughs, AI innovation, and ...