EventGen: Why is the app not appearing to generate...

rob_lamb · ‎09-30-2016

I am trying to run EventGen's tutorial 1 on a Windows host. Generated data is not going to my test index. I have tried modifying the .conf file to:

[search2.csv]
mode = replay
sampletype = csv
timeMultiple = 2
backfill = -15m
#backfillSearch = index=main sourcetype=splunkd
backfillSearch = index=cust1_index sourcetype=eventgen
index = cust1_index
sourcetype = eventgen
#outputMode = stdout
#outputMode = splunkstream
outputMode = modinput
splunkHost = localhost
splunkUser = admin
splunkPass =

When I look at eventgen.log after a reboot all I see is:

2016-09-30 12:26:36,206 INFO module='config' sample='null': Running as Splunk embedded
2016-09-30 12:26:36,503 INFO module='config' sample='null': Retrieving eventgen configurations from /configs/eventgen

When I search _internal for "eventgen" I see the event "Starting EventGen", followed by a series of GET and POST statements.

But no data is going to the index cust1_index.

jwelch_splunk · ‎10-03-2016

The eventgen.conf file is the conf file that tells the Eventgen App what to generate. Most TA's come with sample data as well as an eventgen.conf file.

In order for the eventgen.conf file to generate events you would need to download and install the app:

https://github.com/splunk/eventgen

rob_lamb · ‎10-03-2016

I have already downloaded and installed the "master" branch from GIT as the application "SA-Eventgen" per the tutorial instructions I have been using.

EventGen: Why is the app not appearing to generate events after modifying the .conf file?

Extending Observability Content to Splunk Cloud

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms