I have a test environment in which I would like to try the eventgen app. I have successfully installed the eventgen app and am trying to create an eventgen.conf which can replay the network_events.csv file, in which the events are from multiple hosts, sources, and sourcetypes.
In the video linked below, the sample example was only helpful if the .csv file contains events from only 1 index, 1 host, 1 source, and 1 sourcetype.
https://www.youtube.com/watch?v=9S-ZeGEfRKg&feature=youtu.be&hd=1