Solved: Splunk Simulator

mhenrick · ‎07-18-2013

Hi All,

I was wondering if any of you knew of a Splunk simulator (where I could upload a CSV and check my searches without having to create an entire testing environment/run tests on production data).

Thank you

alacercogitatus · ‎07-18-2013

Splunk is very versatile and configurable, so a universal simulator might not work for every case. There is a data preview available within Splunk to make sure events get broken correctly before you add a new input. Other than that, I'd setup a test instance with a dev license that has the same apps as your production, that way you know if it will work or not.

View solution in original post

alacercogitatus · ‎07-18-2013

Splunk is very versatile and configurable, so a universal simulator might not work for every case. There is a data preview available within Splunk to make sure events get broken correctly before you add a new input. Other than that, I'd setup a test instance with a dev license that has the same apps as your production, that way you know if it will work or not.

mhenrick · ‎07-18-2013

Thanks a lot, I'll try to do a data preview tonight!

Splunk Simulator

Enterprise Security Content Update (ESCU) | New Releases

Join the Splunk Developer Program Hackathon: Splunk Build-a-thon!

Announcing the Expansion of the Splunk Academic Alliance Program