Closed ashleys22 closed 4 years ago
I noticed that you were setting: splunkPort = 8088. For outputMode = splunkstream, the port should be the Splunk management port (8089 by default). 8088 is the HEC port, used for sending HTTP events. You can also use this method to get data into Splunk with the outputMode = httpevent option.
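A check for the mismatch described in the reply above, as an added example (not code from eventgen or from the thread). It assumes settings in a `[global]` stanza are inherited by sample stanzas; the stanza names and sample config are constructed, and 8088/8089 are the defaults named in the reply, which a deployment may have changed.

```python
import configparser

MGMT_PORT = "8089"  # Splunk management port (default), expected by splunkstream
HEC_PORT = "8088"   # HTTP Event Collector port (default), used by httpevent

def check_eventgen_conf(text):
    """Return (stanza, message) pairs where splunkstream points at the HEC port."""
    cp = configparser.RawConfigParser(delimiters=("=",), strict=False)
    cp.optionxform = str  # keep key case: outputMode, splunkPort
    cp.read_string(text)
    # Assumption: [global] values apply to every stanza unless overridden.
    inherited = dict(cp["global"]) if cp.has_section("global") else {}
    findings = []
    for stanza in cp.sections():
        own = dict(cp[stanza])
        # Report only where the stanza itself sets one of the two keys.
        if not {"outputMode", "splunkPort"} & own.keys():
            continue
        effective = {**inherited, **own}
        mode = effective.get("outputMode", "").strip()
        port = effective.get("splunkPort", "").strip()
        if mode == "splunkstream" and port == HEC_PORT:
            findings.append((stanza,
                f"outputMode=splunkstream with splunkPort={port} (HEC port); "
                f"use the management port ({MGMT_PORT} by default) "
                f"or switch to outputMode=httpevent"))
    return findings

# Constructed sample config, not the eventgen.conf attached to the issue.
SAMPLE = """
[global]
splunkHost = localhost

[cpu.sample]
outputMode = splunkstream
splunkPort = 8088

[df.sample]
outputMode = splunkstream
splunkPort = 8089

[ps.sample]
outputMode = stdout
"""

if __name__ == "__main__":
    for stanza, message in check_eventgen_conf(SAMPLE):
        print(f"[{stanza}] {message}")
```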
I'm trying to run eventgen (as a pip module) with outputMode = splunkstream, but I see no data being generated in Splunk. The command that I'm running is: $ splunk_eventgen -v generate /usr/splunk/etc/apps/Splunk_TA_nix/default/eventgen.conf (I've tried putting eventgen.conf in the local directory and that doesn't work either)
This is what I see in the log (located in /usr/local/lib/python3.7/site-packages/splunk_eventgen/logs/eventgen-main.log), and even though there seem to be no errors shown, I still don't see any events being sent to Splunk. I also looked at all the other log files in the logs directory, and they're all empty.
Here's my eventgen.conf file and the sample file: eventgen.conf.zip
Also, I ran it with outputMode = stdout and that works, but I'm trying to send data to Splunk with no success. Would appreciate any help on this.