Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

SA-Eventgen and Splunk SPL Examples - Help Generating Data

dillardo_2
Path Finder
‎09-10-2019 02:49 PM

Hello community, I've installed SA-Eventgen and SPL Examples as directed in the following .conf talk:

https://conf.splunk.com/files/2017/recordings/creating-your-own-splunk-learning-environment.mp4

However, this doesn't work. I've taken a look at the documentation, created a folder named "local" under the SPL_Examples directory and moved the eventgen.config from the apps\spl_examples\default folder to the apps\spl_exampels\local folder. I restarted Splunk and still getting no events. What am I missing? Luke Netto's talk referenced above makes it seem so trivial?

I'm working with a brand new install of Splunk on a Windows 10 system. The only apps I've installed as of this post are SA-Eventgen and SPL Examples.

Splunk Enterprise Version: 7.3.1
SA-Eventgen Version: 6.5.1
Splunk SPL Examples Version: 1.0.0

Appreciate any help with this!

Here are some of the errors I'm seeing in the internal index:

alt text

From Splunkd.log:

09-11-2019 12:21:10.206 -0500 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\SA-Eventgen\bin\modinput_eventgen.py"" 2019-09-11 12:21:10 eventgen WARNING MainProcess {'positional_args': (0,), 'event': 'Generator Queue Full. Reput the backfill generator task later. %d backfill generators are dispatched.'}

Preview file
1 KB
0 Karma
Reply

lnetto_splunk
Splunk Employee
Splunk Employee
‎03-19-2020 09:15 AM

We are no longer publishing eventgen configs with TAs :(.
I'm going to try to reach out to you directly.

0 Karma
Reply

lwu_splunk
Splunk Employee
Splunk Employee
‎09-10-2019 03:32 PM

Here is the latest documentation for Eventgen: http://splunk.github.io/eventgen/

0 Karma
Reply

dillardo_2
Path Finder
‎09-11-2019 05:01 AM

Iwu, I've read the documentation, however, SA-Eventgen isn't working. Do you have a Splunk Enterprise environment configured with SA-Eventgen and SPL Examples working?

0 Karma
Reply

lwu_splunk
Splunk Employee
Splunk Employee
‎09-11-2019 06:42 PM

Try to extract this file under $SPLUNK_HOME/etc/apps folder and enable Eventgen modular input to check if data is generating into splunk: https://gofile.io/?c=C9X63g

0 Karma
Reply
Get Updates on the Splunk Community!

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...

Welcome to the Splunk Community!

(view in My Videos) We're so glad you're here! The Splunk Community is place to connect, learn, give back, and ...