Splunk Search
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

SA-Eventgen and Splunk SPL Examples - Help Generating Data

dillardo_2
Path Finder
‎09-10-2019 02:49 PM

Hello community, I've installed SA-Eventgen and SPL Examples as directed in the following .conf talk:

https://conf.splunk.com/files/2017/recordings/creating-your-own-splunk-learning-environment.mp4

However, this doesn't work. I've taken a look at the documentation, created a folder named "local" under the SPL_Examples directory and moved the eventgen.config from the apps\spl_examples\default folder to the apps\spl_exampels\local folder. I restarted Splunk and still getting no events. What am I missing? Luke Netto's talk referenced above makes it seem so trivial?

I'm working with a brand new install of Splunk on a Windows 10 system. The only apps I've installed as of this post are SA-Eventgen and SPL Examples.

Splunk Enterprise Version: 7.3.1
SA-Eventgen Version: 6.5.1
Splunk SPL Examples Version: 1.0.0

Appreciate any help with this!

Here are some of the errors I'm seeing in the internal index:

alt text

From Splunkd.log:

09-11-2019 12:21:10.206 -0500 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\SA-Eventgen\bin\modinput_eventgen.py"" 2019-09-11 12:21:10 eventgen WARNING MainProcess {'positional_args': (0,), 'event': 'Generator Queue Full. Reput the backfill generator task later. %d backfill generators are dispatched.'}

Preview file
73 KB
0 Karma
Reply

lnetto_splunk
Splunk Employee
Splunk Employee
‎03-19-2020 09:15 AM

We are no longer publishing eventgen configs with TAs :(.
I'm going to try to reach out to you directly.

0 Karma
Reply

lwu_splunk
Splunk Employee
Splunk Employee
‎09-10-2019 03:32 PM

Here is the latest documentation for Eventgen: http://splunk.github.io/eventgen/

0 Karma
Reply

dillardo_2
Path Finder
‎09-11-2019 05:01 AM

Iwu, I've read the documentation, however, SA-Eventgen isn't working. Do you have a Splunk Enterprise environment configured with SA-Eventgen and SPL Examples working?

0 Karma
Reply

lwu_splunk
Splunk Employee
Splunk Employee
‎09-11-2019 06:42 PM

Try to extract this file under $SPLUNK_HOME/etc/apps folder and enable Eventgen modular input to check if data is generating into splunk: https://gofile.io/?c=C9X63g

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

[Puzzles] Solve, Learn, Repeat: Character substitutions with Regular Expressions

This challenge was first posted on Slack #puzzles channelFor BORE at .conf23, we had a puzzle question which ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...

[Puzzles] Solve, Learn, Repeat: Matching cron expressions

This puzzle (first published here) is based on matching timestamps to cron expressions.All the timestamps ...