splunk / eventgen

Splunk Event Generator: Eventgen
Apache License 2.0

[Bug] raw data changed to ? for some tokens. #354

Closed lijiwei25 closed 4 years ago

lijiwei25 commented 4 years ago

Describe the bug

The raw data has been changed to '?', some tokens as well.

default/eventgen_wsgi.conf

sampleDir = /usr/lib/python3.7/site-packages/splunk_eventgen/serverSamples

[top.sample]
perDayVolume = 5.0
earliest = -1s
interval = 20
latest = now

[global]
outputCounter = true
threading = process
httpeventMaxPayloadSize = 256000
outputMode = stdout
generatorWorkers = 20
interval = 20

samples:

PID    USER      PR    NI    VIRT  RES     SHR     S  pctCPU  pctMEM cpuTIME   COMMAND
@PID  @user     20     0   @VIRTM   @RESM    @SHR   S  @cpu    @mem      06:07.08  python
@PID  @user     20     0   @VIRTM   @RESM    @SHR   S  @cpu    @mem      02:15.99  splunkd
@PID  @user     20     0   @VIRTM   @RESM    @SHR   S  @cpu    @mem      02:15.99  splunkd
@PID  @user     20     0   @VIRTM   @RESM    @SHR   S  @cpu    @mem      02:15.99  splunkd
@PID  @user     20     0   @VIRTM   @RESM    @SHR   S  @cpu    @mem      02:15.99  splunkd
@PID  @user     20     0   @VIRTM   @RESM    @SHR   S  @cpu    @mem      01:49:33  firefox
@PID  root      20     0   @VIRTM   @RESM    @SHR   S  @cpu    @mem      02:07:57  activitymonitord
@PID  root      20     0   @VIRTM   @RESM    @SHR   S  @cpu    @mem      00:00.23  top
@PID  root      20     0   @VIRTM   @RESM    @SHR   S  @cpu    @mem      81:24.29  vmware-vmx
@PID  @user     20     0   @VIRTM   @RESM    @SHR   S  @cpu    @mem      00:01.84  mdworker
@PID  root      20     0   @VIRTM   @RESM    @SHR   S  @cpu    @mem      77:54.40  kernel_task

The results:

PID    USER      PR    NI    VIRT  RES     SHR     S  pctCPU  pctMEM cpuTIME   COMMAND
@PID  james     ?     ?   @VIRTM   @RESM   6448K   ?  45.6    ?      06:07.08  python
@PID  james     ?     ?   @VIRTM   @RESM     22M   ?  15.6    ?      02:15.99  splunkd
@PID  james     ?     ?   @VIRTM   @RESM    107M   ?  15.3    ?      01:49:33  firefox
@PID  root      ?     ?   @VIRTM   @RESM    220K   ?  10.5    ?      02:07:57  activitymonitord
@PID  root      ?     ?   @VIRTM   @RESM    220K   ?  9.8     ?      00:00.23  top
@PID  root      ?     ?   @VIRTM   @RESM     16M   ?  5.4     ?      81:24.29  vmware-vmx
@PID  james     ?     ?   @VIRTM   @RESM   5572K   ?  3.4     ?      00:01.84  mdworker
@PID  root      ?     ?   @VIRTM   @RESM      0B   ?  2.2     ?      77:54.40  kernel_task

jmeixensperger commented 4 years ago

Can you please attach your full configuration file so we can see the token replacement settings?

li-wu commented 4 years ago

I will talk to Jiwei and fix this issue if needed.

li-wu commented 4 years ago

Finally found it is caused by top.sample.old and linux.ps.old sample files. Reopen it if you have further questions for it.