Hi, I´m new to Splunk and Eventgen.
I have a sample with 24 events distributed over 1 day (timestamps from 19.11.2018 00:52:54 till 19.11.2018 23:52:54).
I need to "replay" the entire sample once every day, so that each event has the same time as in the sample (i.e. from 23.01.2019 00:52:54 till 23.01.2019 23:52:54).
It works pretty well with this entry in eventgen.conf:
[exxample.csv]
mode = sample
count = 24
interval = 86400
sampletype = csv
outputMode = splunkstream
token.0.token = \d{2}.\d{2}.\d{4}
token.0.replacementType = timestamp
token.0.replacement = %d.%m.%Y
But when restarting Splunk, Eventgen generates the events again in the same way, so that duplicate events appearing in the index. Can I prevent this with Eventgen configurating? Thank you in advance.
... View more