EventLab

Splunk Community
EventLab is an AI-powered synthetic data generator built as a native Splunk application. It enables SOC analysts, detection engineers, and Splunk administrators to produce realistic synthetic security events on demand, for testing detections, populating training environments, validating SPL queries, and running live demonstrations, without exposing real production data.

The built-in AI assistant accepts plain-English commands: generate a fixed batch, start a continuous real-time stream, simulate a MITRE ATT&CK technique, or schedule recurring jobs. Every generated batch is statistically validated against real production data, giving teams a measurable quality score that proves synthetic events match production patterns.

EventLab ships with prebuilt models for common log sources (Palo Alto firewall, Windows Security, DNS, web access, and Linux syslog) and can build new models directly from your Splunk indexes. The AI profiles real events, extracts field types and token patterns, and produces a generation-ready model in minutes.

Key capabilities:

- 22 AI-driven tools for generation, streaming, scenario simulation, quality assessment, and model authoring.
- 54 preconfigured MITRE ATT&CK techniques spanning all 14 tactics.
- Statistical quality scoring: Kolmogorov–Smirnov, chi-squared, and temporal cosine similarity tests.
- Real-time streaming with configurable EPS and rate patterns (flat, spike, ramp, burst).
- Scheduled generation via cron expressions for continuous data feeds.
- Multi-LLM provider support: Anthropic Claude, Azure OpenAI, AWS Bedrock, OpenAI-compatible endpoints, and Ollama for fully air-gapped deployments.
- Multi-tenancy with four RBAC roles, owner-scoped data isolation, and six granular capabilities.
- Full audit trail logged to KV Store and Splunk indexes.

Who it is for:

- SOC teams running detection engineering, content development, and analyst training.
- Splunk administrators needing realistic data for performance testing and demos.
- Security architects validating SIEM pipelines without exposing customer data.
- Educators and trainers building hands-on Splunk labs.