Solved: Is there a way to create 6 months of historical da...

simpkins1958 · ‎11-04-2015

Is there a way to create 6 months of data in Splunk so we can test an application we are creating? I've looked at Eventgen, but don't see a way to create data starting 6 months in the past.

simpkins1958 · ‎11-04-2015

Looks like eventgen can do this:

Added backfill support to allow the event generator to start up and immediately generate a user configurable amount of time's worth of events in the past. Also supports defining a search to only backfill where there is a gap.

View solution in original post

csharp_splunk · ‎11-05-2015

Yes, that's supported, although we didn't support generating data for a specified time range because there was no way to end generation. That's been added in the latest dev build, and is documented in the spec file: https://github.com/splunk/eventgen/blob/dev/README/eventgen.conf.spec#L271. If you want to grab the latest build, grab the dev branch: https://github.com/splunk/eventgen/tree/dev.

simpkins1958 · ‎11-05-2015

When using eventgen is the indexed data counted towards the daily maximum?

simpkins1958 · ‎11-04-2015

Looks like eventgen can do this:

Added backfill support to allow the event generator to start up and immediately generate a user configurable amount of time's worth of events in the past. Also supports defining a search to only backfill where there is a gap.

Is there a way to create 6 months of historical data in Splunk for application testing?

.conf24 | Registration Open!

ICYMI - Check out the latest releases of Splunk Edge Processor

Introducing the 2024 SplunkTrust!