All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How to Set Varying Limit of Events Generated per Hour in SA-Eventgen to Emulate a Pattern from 1 Line of Sample?

Amusthofa
Explorer
‎02-11-2020 12:40 AM

Hi, Folks.

Say, I have a file with 1 line of sample text. My goal is to emulate patterns like this:

1 AM = 10 events
2 AM = 10 events
3 AM = 15 events
4 AM = 20 events
...
1 PM = 1000 events
2 PM = 1200 events
3 PM = 700 events
4 PM = 300 events
...

and so forth.

I understand that I can use the likes of minuteOfHourRate, hourOfDayRate, etc to have this kind of pattern IF I have sample files with multiple lines of sample event in it.

Is it possible to do the same if I only have 1 line in my sample file? Please advise.

Thank you.

Tags (1)
0 Karma
Reply

lwu_splunk
Splunk Employee
Splunk Employee
‎02-12-2020 04:17 AM

It should be fine to get it work though I have not tested it. But why do you provide only one line sample file, it is not hard to provide a multiple lines sample file.

0 Karma
Reply
Get Updates on the Splunk Community!

Webinar Recap | Revolutionizing IT Operations: The Transformative Power of AI and ML ...

The Transformative Power of AI and ML in Enhancing Observability   In the realm of IT operations, the ...

.conf24 | Registration Open!

Hello, hello! I come bearing good news: Registration for .conf24 is now open!   conf is Splunk’s rad annual ...

ICYMI - Check out the latest releases of Splunk Edge Processor

Splunk is pleased to announce the latest enhancements to Splunk Edge Processor.  HEC Receiver authorization ...