Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

SA-Eventgen and Splunk SPL Examples - Help Generating Data

dillardo_2
Path Finder
‎09-10-2019 02:49 PM

Hello community, I've installed SA-Eventgen and SPL Examples as directed in the following .conf talk:

https://conf.splunk.com/files/2017/recordings/creating-your-own-splunk-learning-environment.mp4

However, this doesn't work. I've taken a look at the documentation, created a folder named "local" under the SPL_Examples directory and moved the eventgen.config from the apps\spl_examples\default folder to the apps\spl_exampels\local folder. I restarted Splunk and still getting no events. What am I missing? Luke Netto's talk referenced above makes it seem so trivial?

I'm working with a brand new install of Splunk on a Windows 10 system. The only apps I've installed as of this post are SA-Eventgen and SPL Examples.

Splunk Enterprise Version: 7.3.1
SA-Eventgen Version: 6.5.1
Splunk SPL Examples Version: 1.0.0

Appreciate any help with this!

Here are some of the errors I'm seeing in the internal index:

alt text

From Splunkd.log:

09-11-2019 12:21:10.206 -0500 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\SA-Eventgen\bin\modinput_eventgen.py"" 2019-09-11 12:21:10 eventgen WARNING MainProcess {'positional_args': (0,), 'event': 'Generator Queue Full. Reput the backfill generator task later. %d backfill generators are dispatched.'}

mainprocesstokenerror.png
Preview file
73 KB
0 Karma
Reply

lnetto_splunk
Splunk Employee
Splunk Employee
‎03-19-2020 09:15 AM

We are no longer publishing eventgen configs with TAs :(.
I'm going to try to reach out to you directly.

0 Karma
Reply

lwu_splunk
Splunk Employee
Splunk Employee
‎09-10-2019 03:32 PM

Here is the latest documentation for Eventgen: http://splunk.github.io/eventgen/

0 Karma
Reply

dillardo_2
Path Finder
‎09-11-2019 05:01 AM

Iwu, I've read the documentation, however, SA-Eventgen isn't working. Do you have a Splunk Enterprise environment configured with SA-Eventgen and SPL Examples working?

0 Karma
Reply

lwu_splunk
Splunk Employee
Splunk Employee
‎09-11-2019 06:42 PM

Try to extract this file under $SPLUNK_HOME/etc/apps folder and enable Eventgen modular input to check if data is generating into splunk: https://gofile.io/?c=C9X63g

0 Karma
Reply
Get Updates on the Splunk Community!

What You Read The Most: Splunk Lantern’s Most Popular Articles!

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

See your relevant APM services, dashboards, and alerts in one place with the updated ...

As a Splunk Observability user, you have a lot of data you have to manage, prioritize, and troubleshoot on a ...

Index This | What goes away as soon as you talk about it?

May 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this month’s ...
Top