Hey Splunkers
I'm trying to install and configure Eventgen in a distributed and clustered environment.
So far I have:
- installed the SA-Eventgen on the CM
- pushed this app (via master-apps) to all indexers
- added environment variables for the python scripts to reference.
    export SPLUNK_HOME=/opt/splunk
    export SPLUNK_DB=/opt/splunk/var/lib/splunk
    export SPLUNK_ETC=/opt/splunk/etc/
    export LD_LIBRARY_PATH=/opt/splunk/lib/
Now I am getting this message in the Splunk GUI, and I'm not sure why. I believe it has to do with /opt/bin/splunk/python struggling.
Search peer Indexer1000 has the following message: Unable to initialize modular input "modinput_eventgen" defined inside the app "SA-Eventgen": Introspecting scheme=modinput_eventgen: script running failed (exited with code 1).
Running /opt/splunk/etc/master-apps/SA-Eventgen/bin/modinput_eventgen.py manually gives me this stack trace.
    [user@Indexer1000 bin]$ /opt/splunk/bin/python modinput_eventgen.py
    Traceback (most recent call last):
      File "modinput_eventgen.py", line 13, in <module>
        from mod_input import ModularInput # noqa isort:skip
      File "/opt/splunk/etc/apps/SA-Eventgen/lib/mod_input/__init__.py", line 30, in <module>
        if 'slave' in splunk.clilib.cli_common.getMergedConf('server').get('clustering', {}).get('mode', {}):
      File "/opt/splunk/lib/python2.7/site-packages/splunk/clilib/cli_common.py", line 267, in getMergedConf
        stdout = '%s' % getMergedConfRaw(confName) # how to make pylint believe it's a string
      File "/opt/splunk/lib/python2.7/site-packages/splunk/clilib/cli_common.py", line 320, in getMergedConfRaw
        return _get_conf_raw_internal(confName, ['btool', confName, 'list'])
      File "/opt/splunk/lib/python2.7/site-packages/splunk/clilib/cli_common.py", line 273, in _get_conf_raw_internal
        stdout=subprocess.PIPE, stderr=subprocess.PIPE)
      File "/opt/splunk/lib/python2.7/subprocess.py", line 394, in __init__
        errread, errwrite)
      File "/opt/splunk/lib/python2.7/subprocess.py", line 1047, in _execute_child
        raise child_exception
    OSError: [Errno 2] No such file or directory
I'm out of ideas. Does anyone have any insights on this?
It seems as if Eventgen really needs some massaging during configuration to get it to work in a distributed and clustered environment. Any and all tips are appreciated if you've done this.
Thanks!