I am trying to run EventGen's tutorial 1 on a Windows host. Generated data is not going to my test index. I have tried modifying the .conf file to:
[search2.csv]
mode = replay
sampletype = csv
timeMultiple = 2
backfill = -15m
#backfillSearch = index=main sourcetype=splunkd
backfillSearch = index=cust1_index sourcetype=eventgen
index = cust1_index
sourcetype = eventgen
#outputMode = stdout
#outputMode = splunkstream
outputMode = modinput
splunkHost = localhost
splunkUser = admin
splunkPass =
When I look at eventgen.log after a reboot all I see is:
2016-09-30 12:26:36,206 INFO module='config' sample='null': Running as Splunk embedded
2016-09-30 12:26:36,503 INFO module='config' sample='null': Retrieving eventgen configurations from /configs/eventgen
When I search _internal for "eventgen" I see the event "Starting EventGen", followed by a series of GET and POST statements.
But no data is going to the index cust1_index.
↧