×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
meghasahai
Engager
Member since: ‎08-03-2020
‎08-29-2020
Community Statistics
Posts 2
Solutions 0
Karma Given 3
Karma Received 0
Member Since ‎08-03-2020
Activity Feed
View All

Re: Eventgen basic configuration, but still not ge...

by in All Apps and Add-ons
‎08-13-2020 11:39 PM
‎08-13-2020 11:39 PM
Hi, Try placing the eventgen.conf file under the $SPLUNK_HOME\etc\apps\your_app\local and then restart the Splunk. ... View more

How to Get Eventgen working?

by in All Apps and Add-ons
‎08-13-2020 01:38 PM
‎08-13-2020 01:38 PM
Hi, I am new in Splunk Enterprise, I need your help to get the sample data uploaded on Splunk. I got the sample data from Splunk-7-Essentials-Third-Edition-master and it is inside the folder: C:\Splunk-7-Essentials-Third-Edition-master\Chapter01\eventgen If this the location of my app -> $SPLUNK_HOME\etc\apps\destination, and I have placed eventgen.conf inside the local, i.e.  -> $SPLUNK_HOME\etc\apps\destination\local. The sample data is under new folder 'samples': $SPLUNK_HOME\etc\apps\destination\samples Now, this is what my eventgen.conf looks like: --------- # Note, these samples assume you're installed as an app or a symbolic link in # $SPLUNK_HOME/etc/apps/eventgen. If not, please change the paths below. # Modified by ericksond [destinations.sample] mode = sample sampletype = csv outputMode = splunkstream interval = 10 earliest = -10s latest = now count = 3 randomizeCount = 0.33 randomizeEvents = true token.0.token = ((\w+\s+\d+\s+\d{2}:\d{2}:\d{2}:\d{3})|(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:\d{3})) token.0.replacementType = replaytimestamp token.0.replacement = ["%b %d %H:%M:%S:%f", "%Y-%m-%d %H:%M:%S:%f"] token.1.token = (5\.5\.5\.5) token.1.replacementType = file token.1.replacement = $SPLUNK_HOME/etc/apps/destinations/samples/external_ips.sample token.2.token = (10\.2\.1\.35) token.2.replacementType = file token.2.replacement = $SPLUNK_HOME/etc/apps/destinations/samples/webhosts.sample token.3.token = (Method-And-URI) token.3.replacementType = file token.3.replacement = $SPLUNK_HOME/etc/apps/destinations/samples/destinations-uris.sample token.4.token = (User-Agent) token.4.replacementType = file token.4.replacement = $SPLUNK_HOME/etc/apps/destinations/samples/useragents_desktop.sample token.5.token = (468) token.5.replacementType = random token.5.replacement = integer[100:1000] token.6.token = (1488) token.6.replacementType = random token.6.replacement = integer[200:4000]])" token.7.token = (200) token.7.replacementType = file token.7.replacement = $SPLUNK_HOME/etc/apps/destinations/samples/destinations-codes.sample ------------ After all these steps, i have restared the Splunk, could you possibly tell me where i am going wrong. Thanks in advance! @Penkov  @harsmarvania57  @naidusadanala     ... View more
Labels
Contact Me
Online Status
Offline
Date Last Visited
‎08-29-2020 01:52 AM
Karma given to