I'm trying to test some things with my Splunk Windows installs and I'd like to have reliable test data. When I test *nix logs with Splunk I tend to use 'logger' to create the messages. I've been unable to find an equivalent for Windows (preferably 7). Does something like that exist? Or is there a technique to force Windows to send logs (without having to actually do the action that makes the log)?
Eventcreate sounds like what you might be looking for:
More on eventcreate - yes, it's the XP docs, but it 100% works in 2003.
Well, you could just eat your event logs, no?
On your Manager » Data inputs, get WMI events and system logging to come in; you'll see plenty of goodies for you to test on.
I could, and in fact I already am. What I'm looking for is a way to generate logs with any EventCode for testing purposes. That way, I can know for certain that EventCode = 1901 was sent, and can then verify that it was indexed (or not) properly.
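One way to do this for an arbitrary EventCode such as 1901, as an added example that is not part of the original thread: `eventcreate` only accepts IDs from 1 to 1000, so the script uses the Windows PowerShell cmdlets `New-EventLog`, `Write-EventLog` and `Get-EventLog` instead, and reads the events back locally before you search for them in Splunk. The source name `SplunkInputTest`, the second sample ID and the printed search terms are assumptions; run it from an elevated prompt.

```powershell
# Added example: write marker events with chosen Event IDs, then confirm they
# reached the local log before looking for them in Splunk.
# Run in an elevated Windows PowerShell session (registering a source needs admin).
param(
    [int[]]  $EventIds = @(1901, 4242),      # 1901 is from the thread; 4242 is a constructed sample
    [string] $LogName  = 'Application',
    [string] $Source   = 'SplunkInputTest'   # hypothetical source name
)

# Register the event source once; Write-EventLog fails for an unknown source.
if (-not [System.Diagnostics.EventLog]::SourceExists($Source)) {
    New-EventLog -LogName $LogName -Source $Source
}

# A per-run marker makes every test event unambiguous in a later search.
$runId = [guid]::NewGuid().ToString()

foreach ($id in $EventIds) {
    Write-EventLog -LogName $LogName -Source $Source -EventId $id `
        -EntryType Information -Message "splunk-test run=$runId id=$id"
}

# Read the events back locally so a missing result in Splunk points at the
# input or index configuration, not at event creation.
$written = @(Get-EventLog -LogName $LogName -Source $Source -Newest 100 |
    Where-Object { $_.Message -like "*run=$runId*" } |
    ForEach-Object { $_.EventID })

$missing = @($EventIds | Where-Object { $written -notcontains $_ })
if ($missing.Count -gt 0) {
    Write-Error "Not found in the local $LogName log: $($missing -join ', ')"
    exit 1
}

# Search terms to paste into Splunk; assumes the log is collected by a
# Windows event log input that extracts the EventCode field.
foreach ($id in $EventIds) {
    Write-Output "EventCode=$id `"run=$runId`""
}
```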