Splunk Search
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

SA-Eventgen and Splunk SPL Examples - Help Generating Data

dillardo_2
Path Finder
‎09-10-2019 02:49 PM

Hello community, I've installed SA-Eventgen and SPL Examples as directed in the following .conf talk:

https://conf.splunk.com/files/2017/recordings/creating-your-own-splunk-learning-environment.mp4

However, this doesn't work. I've taken a look at the documentation, created a folder named "local" under the SPL_Examples directory and moved the eventgen.config from the apps\spl_examples\default folder to the apps\spl_exampels\local folder. I restarted Splunk and still getting no events. What am I missing? Luke Netto's talk referenced above makes it seem so trivial?

I'm working with a brand new install of Splunk on a Windows 10 system. The only apps I've installed as of this post are SA-Eventgen and SPL Examples.

Splunk Enterprise Version: 7.3.1
SA-Eventgen Version: 6.5.1
Splunk SPL Examples Version: 1.0.0

Appreciate any help with this!

Here are some of the errors I'm seeing in the internal index:

alt text

From Splunkd.log:

09-11-2019 12:21:10.206 -0500 ERROR ExecProcessor - message from "python "C:\Program Files\Splunk\etc\apps\SA-Eventgen\bin\modinput_eventgen.py"" 2019-09-11 12:21:10 eventgen WARNING MainProcess {'positional_args': (0,), 'event': 'Generator Queue Full. Reput the backfill generator task later. %d backfill generators are dispatched.'}

Preview file
1 KB
0 Karma
Reply

lnetto_splunk
Splunk Employee
Splunk Employee
‎03-19-2020 09:15 AM

We are no longer publishing eventgen configs with TAs :(.
I'm going to try to reach out to you directly.

0 Karma
Reply

lwu_splunk
Splunk Employee
Splunk Employee
‎09-10-2019 03:32 PM

Here is the latest documentation for Eventgen: http://splunk.github.io/eventgen/

0 Karma
Reply

dillardo_2
Path Finder
‎09-11-2019 05:01 AM

Iwu, I've read the documentation, however, SA-Eventgen isn't working. Do you have a Splunk Enterprise environment configured with SA-Eventgen and SPL Examples working?

0 Karma
Reply

lwu_splunk
Splunk Employee
Splunk Employee
‎09-11-2019 06:42 PM

Try to extract this file under $SPLUNK_HOME/etc/apps folder and enable Eventgen modular input to check if data is generating into splunk: https://gofile.io/?c=C9X63g

0 Karma
Reply
Get Updates on the Splunk Community!

Extending Observability Content to Splunk Cloud

Watch Now!   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to leverage ...

More Control Over Your Monitoring Costs with Archived Metrics!

What if there was a way you could keep all the metrics data you need while saving on storage costs?This is now ...

New in Observability Cloud - Explicit Bucket Histograms

Splunk introduces native support for histograms as a metric data type within Observability Cloud with Explicit ...