Eventgen
Overview
Details
Eventgen allows an app developer to get events into Splunk to test their applications. It provides a somewhat ridiculous amount of configurability to allow users to simulate real data.
To join the development community, please go to https://github.com/splunk/eventgen.
For documentation, please go to the Eventgen Documentation(http://splunk.github.io/eventgen/).
The Splunk Event Generator
The Splunk Event Generator is a utility which allows its user to easily build real-time event generators.
The current maintainers of this project are Brian Bingham (bbingham@splunk.com), Tony Lee (tonyl@splunk.com), and Jack Meixensperger (jackm@splunk.com).
The goals of this project:
- Eliminate the need for hand coded event generators in Splunk apps
- Allow for portability of event generators between applications and allow templates to be quickly adapted between use cases
- Allow every type of event or transaction to be modeled inside Eventgen
Documentation
Documentation is hosted at Eventgen Documentation.
For more information, please go to Eventgen Github Repository.
Release Notes
Version 7.2.1
- bugfix for perDayVolume
- update dependency package versions
- app is now cloud-vetted
- app can be installed without restart
Version 7.2.0
- added support for “interval” option in replay mode
- added new “splitSample” option
- added new "counter" generator
- added metrics logging
- bugfix for logging verbosity
- bugfix for replay mode threading and backfill generation
- bugfix for csv file handling
- bugfix for timeMultiple handling
NOTE: this version does not support Splunk >= 8.0 on Windows 10
Version 6.5.3
Maintenance release with ujson version fix and updated userName samples
Version 7.1.1
- fixed broken "fileRotator" config option
- update to default "source" behavior: unless specified, the default source is set to the sample name
NOTE: this version does not support Splunk >= 8.0 on Windows 10
Version 7.1.0
- fixed oom error caused by ujson
- added scp output plugin - use outputMode = scsout
- added --multithread support for server/controller architecture
- fix CI failures due to jinja in log config
NOTE: this version does not support Splunk >= 8.0 on Windows 10
Version 7.0.0
- Python3 support on 8.0
- Migrate to Python3 and 7.0.0 only supports Python3
- Fix random token replacement bug
- Enhance tutorial documentation
- Add syslogAddHeader option
- Fix timezone setting bug
- Fix out of memory issue when using multiprocess mode
- Remove some stale third party libraries
Note:
Please set "python.version = python3" in "server.conf" in $SPLUNK_HOME/etc/system/local in [general] stanza.
Version 6.5.2
- Fix zipfile bug
- Fix random token replacement bug
- Fix security vulnerability issue
- Fix custom plugin stale docs
- Fix timezone setting bug
- Fix multiprocess OOM issue
- Add syslogAddHeader config
Version 6.5.1
- Added metrics output mode
- Fixed regex token replacement issue
- Added test coverage information
- Increased functional test coverage
- Eventgen server complete revamp and standalone mode support
- Added contributor license
- Updated Dockerfile
- Added documentation
- Fixed bugs / stability / optimized speed
Version 6.4.0
- Fix exception log error
- Fix CircleCI status badage error
- Fix navigation error for app if installed with Splunk Stream
- Fix generatorWorkers not working error
- Fix interval error when end = 1
- Fix fileName in global stanza error
- Add 3rd party libs in SA-Eventgen App
- Add httpeventAllowFailureCount for httpevent
- Add 3rd party libs in license credit
- Disable logging queue in multiprocess mode
- Change implementation of extendIndex for better performance
Version 6.3.6
- Add functional tests for jinja template and modular input feature
- Fix default jinja template directory is not correctly resolved when sampleDir is set issue
- Fix verbose flag not working in splunk_eventgen command line issue
- Fix index, source, sourcetype are not correct when using splunkstream mode issue
- Fix ssh to container issue
- Fix perdayvolume without end setting error
- Update documentation for better reading and remove unrelated part
Version 6.3.4
- Cleaned up documentation
- Jinja template bugfix in SA-Eventgen app
- Implementation of 'timeMultiple’ option
- Templates for bugs/feature requests
- Fixed Jinja test configuration stanzas
- Fix for default behavior for 'count' edge cases
Version 6.3.3
- Added performance metrics compared to Eventgen 5.x
- New config option for generation-time metrics: outputCounter
- Jinja template fixes
- Timestamp parsing fix
- Output queueing fix for outputMode splunkstream
- Count rater fixes, now supports indefinite generation
Version 6.3.2
- Fixed verbosity bug from 6.3.1
- Added documentation
Version 6.3.1
- Fixed Eventgen Volume APIs
- Improved Eventgen Server Logging
- Corrected Eventgen Server and Controller conf syncing issue
- Adding verbosity options (ERROR, INFO, DEBUG) to Eventgen modinput
- Implemented future event generation support in replay mode
- Fixed Jinja template's missing default values
- Adjusted logging message levels for less verbosity
- Fixed event count off by 1 issue
- Fixed unnecessary empty data generators being created
- Updated dependency list
Version 6.3.0
- Bug fixes for the customer issues
- Documentation upgrade
- Code refactoring for version unification
- Logging improvements
Version 6.2.1
- Fixing SA-Eventgen Dashboard and log searching
- Improving internal logging and fixing splunkd logging issue
- Fixing timestamping in default generator
- Fixing custom plugin integration
- Fixing SA-Eventgen app settings
- Supporting Eventgen 5 backward compatibility with additional features
- Better modinput process management
- Minor Bugfixes with various customer cases