Splunk Search
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

SA-Eventgen and Splunk SPL Examples - Help Generating Data

dillardo_2
Path Finder
‎09-10-2019 02:49 PM

Hello community, I've installed SA-Eventgen and SPL Examples as directed in the following .conf talk:

https://conf.splunk.com/files/2017/recordings/creating-your-own-splunk-learning-environment.mp4

However, this doesn't work. I've taken a look at the documentation, created a folder named "local" under the SPL_Examples directory and moved the eventgen.config from the apps\spl_examples\default folder to the apps\spl_exampels\local folder. I restarted Splunk and still getting no events. What am I missing? Luke Netto's talk referenced above makes it seem so trivial?

I'm working with a brand new install of Splunk on a Windows 10 system. The only apps I've installed as of this post are SA-Eventgen and SPL Examples.

Splunk Enterprise Version: 7.3.1
SA-Eventgen Version: 6.5.1
Splunk SPL Examples Version: 1.0.0

Appreciate any help with this!

Here are some of the errors I'm seeing in the internal index:

alt text

From Splunkd.log:

09-11-2019 12:21:10.206 -0500 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\SA-Eventgen\bin\modinput_eventgen.py"" 2019-09-11 12:21:10 eventgen WARNING MainProcess {'positional_args': (0,), 'event': 'Generator Queue Full. Reput the backfill generator task later. %d backfill generators are dispatched.'}

mainprocesstokenerror.png
Preview file
73 KB
0 Karma
Reply

lnetto_splunk
Splunk Employee
Splunk Employee
‎03-19-2020 09:15 AM

We are no longer publishing eventgen configs with TAs :(.
I'm going to try to reach out to you directly.

0 Karma
Reply

lwu_splunk
Splunk Employee
Splunk Employee
‎09-10-2019 03:32 PM

Here is the latest documentation for Eventgen: http://splunk.github.io/eventgen/

0 Karma
Reply

dillardo_2
Path Finder
‎09-11-2019 05:01 AM

Iwu, I've read the documentation, however, SA-Eventgen isn't working. Do you have a Splunk Enterprise environment configured with SA-Eventgen and SPL Examples working?

0 Karma
Reply

lwu_splunk
Splunk Employee
Splunk Employee
‎09-11-2019 06:42 PM

Try to extract this file under $SPLUNK_HOME/etc/apps folder and enable Eventgen modular input to check if data is generating into splunk: https://gofile.io/?c=C9X63g

0 Karma
Reply
Get Updates on the Splunk Community!

Dashboards: Hiding charts while search is being executed and other uses for tokens

There are a couple of features of SimpleXML / Classic dashboards that can be used to enhance the user ...

Splunk Observability Cloud's AI Assistant in Action Series: Explaining Metrics and ...

This is the fourth post in the Splunk Observability Cloud’s AI Assistant in Action series that digs into how ...

Brains, Bytes, and Boston: Learn from the Best at .conf25

When you think of Boston, you might picture colonial charm, world-class universities, or even the crack of a ...
Top