Splunk eventgen 6.5.2 folder structure

deodion
Path Finder

I see a lot of changes inside of Splunk Eventgen 6.5.2 (and 7.0.0).
I used sa_eventgen_6.5.2.spl, installed it via Splunk Web 8.0.1,
and restarted it. I see this in index=_internal:

01-06-2020 17:55:29.305 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        INFO     MainProcess {'event': 'All timers have finished, signalling workers to exit.'}

01-06-2020 17:55:29.305 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        INFO     MainProcess {'event': "All timers started, joining queue until it's empty."}

01-06-2020 17:55:29.304 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        INFO     MainProcess {'event': 'No samples found.  Exiting.'}

01-06-2020 17:55:29.196 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'rater.perdayvolume' from 'perdayvolume.py'"}

01-06-2020 17:55:29.196 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/rater/perdayvolume.py'"}

01-06-2020 17:55:29.195 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'rater.config' from 'config.py'"}

01-06-2020 17:55:29.194 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/rater/config.py'"}

01-06-2020 17:55:29.194 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': 'looking for plugin(s) in /opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/rater'}

01-06-2020 17:55:29.193 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.windbag' from 'windbag.py'"}

01-06-2020 17:55:29.192 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/windbag.py'"}

01-06-2020 17:55:29.192 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.weblog' from 'weblog.py'"}

01-06-2020 17:55:29.191 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/weblog.py'"}

01-06-2020 17:55:29.191 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.replay' from 'replay.py'"}

01-06-2020 17:55:29.190 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/replay.py'"}

01-06-2020 17:55:29.189 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Loading module 'generator.perdayvolumegenerator' from 'perdayvolumegenerator.py'"}

01-06-2020 17:55:29.189 +0700 ERROR ExecProcessor - message from "/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        DEBUG    MainProcess {'event': "Searching for plugin in file '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen/lib/plugins/generator/perdayvolumegenerator.py'"}

Is that normal?

There are about three "similar" folders I found:
/SPLUNK_HOME/etc/apps/SA-Eventgen
/SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen
/SPLUNK_HOME/etc/apps/SA-Eventgen/lib/splunk_eventgen/splunk_apps

What is the purpose of them?

There is no explanation about it in the documentation.
Some say the doc at http://splunk.github.io/eventgen/ is not clear enough, which I also agree with.

Perhaps someone can help enlighten me? Thanks

0 Karma

badr_boukari
Explorer

Hey everyone, 

Please Help! I have the same problem here! 

I configured eventgen.conf to see some logs and it doesn't work. When I checked "splunkd.log" I could see that the error comes from the script "modinput_eventgen.py".


Thanks in advance.

Best regards.

0 Karma

lwu_splunk
Splunk Employee

Thanks for posting that. We already have tickets to track the ERROR log issue you mentioned above.

The code structure also needs to be clarified when it is shipped as a Splunk app. It is caused by the historical reason that we need to ship Eventgen as both a pip module and a Splunk app.

0 Karma
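Added example, not part of the thread and not Eventgen or Splunk code: in the lines quoted in the question, the ERROR label belongs to the splunkd ExecProcessor wrapper, while the embedded eventgen record carries its own level (INFO or DEBUG). This sketch separates the two so that only embedded WARNING-or-higher records are surfaced; the first three sample tails are taken from the quoted lines, and the last two sample lines are constructed for illustration.

```python
import ast
import re
from collections import Counter

# Wrapper prefix as it appears in the quoted lines.
PREFIX = ('01-06-2020 17:55:29.305 +0700 ERROR ExecProcessor - message from '
          '"/opt/splunk/bin/python2.7 /opt/splunk/etc/apps/SA-Eventgen/bin/'
          'modinput_eventgen.py" 2020-01-06 17:55:29 eventgen        ')
# First three tails come from the question; the fourth is constructed.
TAILS = """\
INFO     MainProcess {'event': "All timers started, joining queue until it's empty."}
INFO     MainProcess {'event': 'No samples found.  Exiting.'}
DEBUG    MainProcess {'event': "Loading module 'rater.config' from 'config.py'"}
ERROR    MainProcess {'event': 'constructed failure message'}
"""
SAMPLE = [PREFIX + t for t in TAILS.splitlines()]
SAMPLE.append("01-06-2020 17:55:30.000 +0700 INFO Metrics - constructed unrelated line")

LINE_RE = re.compile(
    r'^\d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}\.\d{3} [+-]\d{4} '
    r'(?P<outer>[A-Z]+) ExecProcessor - message from "(?P<cmd>[^"]+)" '
    r'\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} (?P<logger>\S+)\s+'
    r'(?P<inner>[A-Z]+)\s+(?P<proc>\S+)\s+(?P<payload>\{.*\})\s*$')

def parse_line(line):
    """Return wrapper level, embedded level and event text, or None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    try:
        # literal_eval only accepts literals, so log content is never executed.
        payload = ast.literal_eval(rec.pop("payload"))
    except (ValueError, SyntaxError):
        return None
    rec["event"] = payload.get("event") if isinstance(payload, dict) else None
    return rec

def triage(lines, alert_levels=("WARNING", "ERROR", "CRITICAL")):
    """Count (wrapper, embedded) level pairs; collect events worth a look."""
    counts, attention, unparsed = Counter(), [], 0
    for line in lines:
        rec = parse_line(line)
        if rec is None:
            unparsed += 1
            continue
        counts[(rec["outer"], rec["inner"])] += 1
        if rec["inner"] in alert_levels:
            attention.append(rec["event"])
    return counts, attention, unparsed

if __name__ == "__main__":
    print(triage(SAMPLE))
```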

ershishirkumar
Explorer

Hello buddy, could you please help me in this thread? I am not getting any solution for this.

https://answers.splunk.com/answers/793070/how-to-install-eventgen-and-configure-splunk-butte.html

0 Karma