Closed alikat500 closed 4 years ago
li-wu
commented
4 years ago Hi @alikat500, sorry for late reply. I cannot reproduce the issue on the following condition:
And I also use this bundle for test.
Could you double check it? Thanks.
alikat500
commented
4 years ago Hi Li, No problem at all. I still see the same issue on my Windows 10 setup. I installed eventgen on Ubuntu without any issues. I will use the Ubuntu install for now to wrap up the course!
Thanks for the response!
li-wu
commented
4 years ago Thanks, @alikat500. I will close the ticket. Reopen it if you have further problems.
Describe the bug I installed Eventgen as a Splunk app by downloading Eventgen directly from splunkbase. After restarting Splunk service and logging into SplunkWeb, I noticed the following message:
"Unable to initialize modular input "modinput_eventgen" defined in the app "SA-Eventgen": Introspecting scheme=modinput_eventgen: script running failed (exited with code 1).."
I see see SA-Eventgen App in SplunkWeb.
However, I do not see SA-Eventgen as an input under Settings > Data inputs.
To Reproduce Steps to reproduce the behavior:
Expected behavior per installation instruction (http://splunk.github.io/eventgen/SETUP.html#splunk-app-installation), I should see SA-Eventgen as an input under Settings > Data inputs.
Actual behavior I do not see SA-Eventgen as an input under Settings > Data inputs. Also, there is the above mentioned message after Splunk restart.
Screenshots If applicable, add screenshots to help explain your problem.
Sample files and eventgen.conf file Please attach your sample files and eventgen conf file
Do you run eventgen with SA-eventgen? No If you are using SA-Eventgen with Splunk (please complete the following information):
Following is the cont of Splunk\etc\apps directory:
03/07/2020 17:19
Thanks Additional context Add any other context about the problem here.