Basic config does not run

[inventsekar]

Hi, firstly, thanks for this tool.. (but no thanks for the documentation)..

1. SA-Eventgen -> lib -> splunk_eventgen is not there. main.py also not there.
2. For testing purposes, i would like to run.... python bin/eventgen.py README/eventgen.conf.tutorial1 But the eventgen.py not available and the other Python scripts give errors.
3. I am trying a very basic configuration, but it fails.. detailed info here.... https://answers.splunk.com/answers/768622/eventgen-basic-configuration-but-still-not-generat.html

[li-wu]

@inventsekar Which version are you using for SA-Eventgen?

[inventsekar]

The latest one(6.5.1)...Installed as a splunk app (tried the pip/git installation, but got lot more errors)

[li-wu]

@inventsekar I downloaded SA-Eventgen from here: https://splunkbase.splunk.com/app/1924/ and extract it, the lib->splunk_eventgen is there.

[inventsekar]

Thanks for your reply..ok let me check again.. but do you have main.py? I created a sample app and a simple config file and sample file.. then eventgen automatically will read the config file or should I manually run it? Anyhow, both methods fail.

[li-wu]

The SA-Eventgen runs as a modular input and the entry point is bin/modinput_eventgen.py.

I saw your post in Splunk answer and maybe you forget to enable the modular input?

[inventsekar]

Enabling the modular input is needed for that command line running? Or enabling the modular input is a must to use eventgen in any form, please clarify. At first I tried a reply example( i assumed that events will be sent/streamed to sollunka directly. Somehow nothing happened. Then i tried to put the events to a temp log file, but nothing happened.

[li-wu]

If you are using Eventgen as pip module out of Splunk, then it is not needed. If you are using Eventgen as app, then you need to enable the modular input.

[li-wu]

Reopen it if you still have issue with it.

[inventsekar]

Hi Li-wu, i have enabled the modular input, pls find the screenshot.

and as suggested on this page: http://splunk.github.io/eventgen/BASICS.html Running the example You can easily run these examples by hand. In fact, for testing purposes, I almost always change outputMode = stdout to visually examine the data. Run the command below from directory $EVENTGEN_HOME/splunk_eventgen.

python -m splunk_eventgen generate README/eventgen.conf.tutorial1

i tried to run this above command as: [root@ip-address SA-Eventgen]# python -m ./lib/splunk_eventgen generate README/eventgen.conf.tutorial1 /bin/python: Relative module names not supported [root@ip-address SA-Eventgen]#

[root@ip-address SA-Eventgen]# ll total 16 drwxr-xr-x. 2 root root 53 Aug 30 05:04 bin drwxr-xr-x. 3 root root 169 Aug 30 05:04 default drwxr-xr-x. 7 root root 200 Aug 30 05:04 lib -rwxr-xr-x. 1 root root 11358 Aug 30 05:04 LICENSE drwxr-xr-x. 2 root root 44 Aug 30 05:04 metadata drwxr-xr-x. 2 root root 56 Aug 30 05:04 README drwxr-xr-x. 2 root root 4096 Aug 30 05:04 samples [root@ip-address SA-Eventgen]# python -m splunk_eventgen generate README/eventgen.conf.tutorial1 /bin/python: No module named splunk_eventgen [root@ip-address SA-Eventgen]# pwd /opt/splunk/etc/apps/SA-Eventgen [root@ip-address SA-Eventgen]# find ./ -name splunk_eventgen ./lib/splunk_eventgen [root@ip-address SA-Eventgen]# python -m ./lib/splunk_eventgen generate README/eventgen.conf.tutorial1 /bin/python: Relative module names not supported [root@ip-address SA-Eventgen]#

[li-wu]

You are using SA-Eventgen, splunk will execute the command for you. So you do not need to manually execute python -m splunk_eventgen generate README/eventgen.conf.tutorial1. After you have enabled it. You can find the events in splunk.

Besides, check the my answer here: https://answers.splunk.com/answers/768622/eventgen-basic-configuration-but-still-not-generat.html

[inventsekar]

instead of the relative module names, i have given the full path.. i tried to run with Splunk's python and linux's python.. both failed..

[root@ip-address SA-Eventgen]# /opt/splunk/bin/splunk cmd python -m ./lib/splunk_eventgen generate README/eventgen.conf.tutorial1 /opt/splunk/bin/python: Relative module names not supported [root@ip-address SA-Eventgen]# /opt/splunk/bin/splunk cmd python -m /opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen generate README/eventgen.conf.tutorial1 Traceback (most recent call last): File "/opt/splunk/lib/python2.7/runpy.py", line 163, in _run_module_as_main mod_name, _Error) File "/opt/splunk/lib/python2.7/runpy.py", line 111, in _get_module_details import(mod_name) # Do not catch exceptions initializing package ImportError: Import by filename is not supported. [root@ip-address SA-Eventgen]# python -m /opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen generate README/eventgen.conf.tutorial1 /bin/python: Import by filename is not supported.; '/opt/splunk/etc/apps/SA-Eventgen/lib/splunk_eventgen' is a package and cannot be directly executed [root@ip-address SA-Eventgen]#

[inventsekar]

"Reopen it if you still have issue with it."

May i know how to reopen this issue? I am not seeing options to reopen