jmeixensperger
commented
4 years ago Can you try with version 7.1.1? #383 may address your issue.
Closed dewongway closed 3 years ago
jmeixensperger
commented
4 years ago Can you try with version 7.1.1? #383 may address your issue.
I'm trying to generate a bunch of output files at 200Mb each. I'm using the fileMaxBytes and fileBackupFiles to define the size and how many copies to keep. Eventgen seems to ignore these parameters as the generated file goes over the specified size and Eventgen does not rotate the file.
I'm running eventgen 7.1.0 on CentOS 7.7
/usr/local/bin/splunk_eventgen --version
Eventgen 7.1.0
Python3.8 is installed and used with Eventgen
python3.8 --version
Python 3.8.1
Here's the full eventgen configuration file:
[global] threading = process
[syslog_sample.log] sampleDir = . interval = 1 generatorWorkers = 16
perDayVolume = # a size suplied in GB per day
count = -1 outputMode = file fileName = /data1/new_sample_syslog_eventgen.log fileMaxBytes = 209715200 fileBackupFiles = 10
timestamp regular expression match string
token.0.token = \w{3}\s+\d+\s\d{2}:\d{2}:\d{2} token.0.replacementType = timestamp
Timestamp replacement string
token.0.replacement = %Y-%m-%d %H:%M:%S,%f
token.0.replacement = %b %d %H:%M:%S
Installed pip modules:
pip3.8 list
Package Version
apipkg 1.5 atomicwrites 1.4.0 attrs 19.3.0 boto3 1.13.19 botocore 1.16.19 certifi 2020.4.5.1 cffi 1.14.0 chardet 3.0.4 click 7.1.2 coverage 4.5.4 cryptography 2.9.2 docker 3.7.3 docker-pycreds 0.4.0 docutils 0.15.2 execnet 1.7.1 flake8 3.8.2 Flask 1.1.2 httplib2 0.18.1 idna 2.9 importlib-metadata 1.6.0 isort 4.3.21 itsdangerous 1.1.0 Jinja2 2.10.3 jmespath 0.10.0 lxml 4.5.1 MarkupSafe 1.1.1 mccabe 0.6.1 mock 4.0.2 more-itertools 8.3.0 packaging 20.4 pip 20.1.1 pluggy 0.13.1 py 1.8.1 pycodestyle 2.6.0 pycparser 2.20 pyflakes 2.2.0 pyOpenSSL 19.1.0 pyparsing 2.4.7 pytest 4.6.4 pytest-cov 2.9.0 pytest-forked 1.1.3 pytest-mock 3.1.0 pytest-xdist 1.32.0 python-dateutil 2.8.1 PyYAML 5.3.1 redis 3.3.10 requests 2.23.0 requests-futures 1.0.0 s3transfer 0.3.3 setuptools 41.2.0 six 1.15.0 splunk-eventgen 7.1.0 ujson 2.0.3 urllib3 1.24.2 uuid 1.30 wcwidth 0.1.9 websocket-client 0.57.0 Werkzeug 1.0.1 yapf 0.30.0 zipp 3.1.0
Command to launch Eventgen:
python3.8 -m splunk_eventgen -v generate tests/sample_eventgen_conf/medium_test/eventgen.conf.fileoutput2
The output file generated:
ll /data1
total 827197008 -rw-r--r-- 1 root root 1258291212 Jun 16 13:46 new_sample_syslog_eventgen.log
The output file size goes over the 200Mb specified in the configuration and no rotation occurred.