
How to run sample.tutorial1 of eventgen?

beyonddc
New Member

I am trying to learn how to use the eventgen to generate events into my Splunk instance.

I am currently running Splunk version 7.2.0. The Splunk instance is deployed as a Docker container. The container image was obtained from Splunk's official Docker Hub repository.

I installed eventgen by following the online documentation, using `pip install git+https://www.github.com/splunk/eventgen.git`.

I created a directory structure in my home directory:

```
splunk@6fb0981b51d9:~/Playground/sample.tutorial1$ pwd
/home/splunk/Playground/sample.tutorial1
splunk@6fb0981b51d9:~/Playground/sample.tutorial1$ find .
.
./samples
./samples/sample.tutorial1
./default
./default/eventgen.conf
splunk@6fb0981b51d9:~/Playground/sample.tutorial1$
```

The sample.tutorial1 is from /home/splunk/.local/lib/python2.7/site-packages/splunk_eventgen/samples
The eventgen.conf is from /home/splunk/.local/lib/python2.7/site-packages/splunk_eventgen/README/eventgen.conf.tutorial1

I modified the eventgen.conf to set the outputMode to splunkstream and specified the splunkHost, splunkUser and splunkPass.

```
[sample.tutorial1]
mode = replay
sampletype = csv
timeMultiple = 2
#backfill = -15m
#backfillSearch = index=main sourcetype=splunkd

#outputMode = stdout
outputMode = splunkstream
splunkHost = localhost
splunkUser = admin
splunkPass = secret

#outputMode = file
#fileName = /tmp/internal.log

token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3,6}
token.0.replacementType = timestamp
token.0.replacement = %Y-%m-%d %H:%M:%S,%f

token.1.token = \d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}.\d{3,6}
token.1.replacementType = timestamp
token.1.replacement = %m-%d-%Y %H:%M:%S.%f

token.2.token = \d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}.\d{3,6}
token.2.replacementType = timestamp
token.2.replacement = %d/%b/%Y:%H:%M:%S.%f

token.3.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
token.3.replacementType = timestamp
token.3.replacement = %Y-%m-%d %H:%M:%S

token.4.token = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2}
token.4.replacementType = timestamp
token.4.replacement = %Y-%m-%dT%H:%M:%S
```

When I tried to run it using the command `splunk_eventgen -v generate /home/splunk/Playground/sample.tutorial1/default/eventgen.conf`, I received the following error:

```
2019-03-01 18:37:30 eventgen        INFO     MainProcess Logging Setup Complete.
2019-03-01 18:37:30 eventgen        INFO     MainProcess Retrieving eventgen configurations with ConfigParser()
2019-03-01 18:37:30 eventgen        INFO     MainProcess Key 'verbose' in stanza 'global' may not be a valid setting
2019-03-01 18:37:30 eventgen        INFO     MainProcess Key 'splunkHost' in stanza 'sample.tutorial1' may not be a valid setting
2019-03-01 18:37:30 eventgen        INFO     MainProcess Key 'splunkUser' in stanza 'sample.tutorial1' may not be a valid setting
2019-03-01 18:37:30 eventgen        INFO     MainProcess Key 'splunkPass' in stanza 'sample.tutorial1' may not be a valid setting
2019-03-01 18:37:30 eventgen        ERROR    MainProcess Path not found for samples '/home/splunk/Playground/sample.tutorial1/default/samples', trying '/home/splunk/Playground/sample.tutorial1/samples'
2019-03-01 18:37:30 eventgen        INFO     MainProcess Creating timer object for sample 'sample.tutorial1' in app 'splunk_eventgen'
2019-03-01 18:37:30 eventgen        INFO     MainProcess Start '1' generatorWorkers for sample 'sample.tutorial1'
2019-03-01 18:37:30 eventgen        INFO     MainProcess All timers started, joining queue until it's empty.
2019-03-01 18:37:30 eventgen        INFO     MainProcess Start '1' generatorWorkers for sample 'sample.tutorial1'
2019-03-01 18:37:30 eventgen        INFO     MainProcess Worker# 0: Put 0.0 MB of events in queue for sample 'sample.tutorial1' with et '2019-03-01 18:37:30.452115' and lt '2019-03-01 18:37:30.452199'
2019-03-01 18:37:30 eventgen        ERROR    MainProcess sequence index must be integer, not 'str'
Traceback (most recent call last):
  File "/home/splunk/.local/lib/python2.7/site-packages/splunk_eventgen/eventgen_core.py", line 352, in _generator_do_work
    item.run(output_counter=output_counter)
  File "/home/splunk/.local/lib/python2.7/site-packages/splunk_eventgen/lib/generatorplugin.py", line 213, in run
    self.gen(count=self.count, earliest=self.start_time, latest=self.end_time, samplename=self._sample.name)
  File "/home/splunk/.local/lib/python2.7/site-packages/splunk_eventgen/lib/plugins/generator/replay.py", line 128, in gen
    self.set_time_and_send(rpevent, self.backfill_time, earliest, latest)
  File "/home/splunk/.local/lib/python2.7/site-packages/splunk_eventgen/lib/plugins/generator/replay.py", line 57, in set_time_and_send
    self._out.bulksend([rpevent])
  File "/home/splunk/.local/lib/python2.7/site-packages/splunk_eventgen/lib/eventgenoutput.py", line 81, in bulksend
    self.flush()
  File "/home/splunk/.local/lib/python2.7/site-packages/splunk_eventgen/lib/eventgenoutput.py", line 130, in flush
    outputer.run()
  File "/home/splunk/.local/lib/python2.7/site-packages/splunk_eventgen/lib/outputplugin.py", line 51, in run
    self.flush(q=self.events)
  File "/home/splunk/.local/lib/python2.7/site-packages/splunk_eventgen/lib/plugins/output/splunkstream.py", line 64, in flush
    queues[row['source']+'_'+row['sourcetype']] = deque([])
TypeError: sequence index must be integer, not 'str'
Exception in thread Thread-1:
Traceback (most recent call last):
  File "/usr/lib/python2.7/threading.py", line 801, in __bootstrap_inner
    self.run()
  File "/usr/lib/python2.7/threading.py", line 754, in run
    self.__target(*self.__args, **self.__kwargs)
  File "/home/splunk/.local/lib/python2.7/site-packages/splunk_eventgen/eventgen_core.py", line 361, in _generator_do_work
    raise e
TypeError: sequence index must be integer, not 'str'
```

Can someone shed some light on what I did wrong? I originally installed eventgen as an app in Splunk and I couldn't get this example working at all, so I decided to run it in standalone mode. I figured it would be easier to debug this way.

Thanks!

0 Karma

beyonddc
New Member

Appears to be a bug within eventgen.

An issue has been submitted.
https://github.com/splunk/eventgen/issues/132

0 Karma