splunk / eventgen

Splunk Event Generator: Eventgen
Apache License 2.0

Eventgen not starting in standalone mode #410

Open asmithHPE opened 4 years ago

asmithHPE commented 4 years ago

Issue: I am invoking eventgen by running “splunk_eventgen -v generate path/to/eventgen.conf”. I have attached the current configuration file that we are attempting to use. The sample file is sitting in the “samples” folder where it should be. When I try to start eventgen up there are no errors, no log files generated, nothing – it simply just goes to the next line on the command line ready to receive the next command. Nothing shows up when I try to display what is actively running on the system. So, I am at a loss for what I need to do to get this functional.

OS: CentOS 7.8
Eventgen: 7.1.1
eventgen.conf:

```
[sample_seed]
mode = sample
interval = 5
earliest = 5s
latest = now
generator = default
count = -1
hourOfDayRate = {"0": 0.8, "1": 1.0, "2": 0.9, "3": 0.7, "4": 0.4, "5":0.2, "6": 0.9, "7": 0.5, "8": 0.6, "9": 2.0, "10": 1.0, "11": 0.4, "12": 0.3, "13": 0.5, "14": 0.6, "15": 0.7, "16": 0.8, "17": 0.9, "18": 0.3, "19": 1.0, "20": 0.4, "21": 0.5, "22": 0.6, "23": 0.8}
dayOfWeekRate = {"0": 0.8, "1": 1.0, "2": 0.9, "3": 0.7, "4": 0.4, "5":0.2, "6": 0.9}
perDayVolume = 40
randomizeCount = .4
randomizeEvents = true
outputMode = httpevent
httpeventServers = {"servers":[{ "protocol":"http", "address":"192.168.3.101", "port":"8088", "key":"13109a1a-5576-4ff6-b5c6-a23af993a596"}]}
sourcetype = eventgen_test
```

gruhby commented 4 years ago

Instead of earliest = 5s try earliest = -5s.

asmithHPE commented 4 years ago

It's generating data just fine, but it's just not leaving to the assigned IP.

jmeixensperger commented 3 years ago

@asmithHPE we have fixed the logging in the 7.2.0 release. By default, they should be generated under the splunk_eventgen python site-package path in a "logs" directory. I don't see any glaring issues with your httpevent configuration. Have you tried using "https" protocol / are you sure you need "http"?
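The two points raised in the replies (the sign of `earliest` and the `http` protocol on the HEC server entry) can be checked before a run. The following is an added example, not code from the eventgen project or from anyone in this thread. The names `lint_conf`, `lint_stanza` and `offset_seconds` are hypothetical, the sample stanza is constructed from the issue with the token replaced by a placeholder, and treating an unsigned offset such as `5s` as lying after `now` is an assumption that matches the suggestion above.

```python
import configparser
import json
import re

# Constructed sample: the relevant keys from the issue's stanza, token replaced.
SAMPLE_CONF = """\
[sample_seed]
earliest = 5s
latest = now
outputMode = httpevent
httpeventServers = {"servers":[{"protocol":"http", "address":"192.168.3.101", "port":"8088", "key":"<HEC-TOKEN>"}]}
"""
REL_TIME = re.compile(r"^([+-]?)(\d+)([smhd])$")
UNIT_SECONDS = {"s": 1, "m": 60, "h": 3600, "d": 86400}

def offset_seconds(value):
    """Signed seconds for 'now' or a relative time like -5s; None if unrecognised."""
    if value == "now":
        return 0
    m = REL_TIME.match(value)
    if not m:
        return None  # other time formats are outside this check
    sign = -1 if m.group(1) == "-" else 1
    return sign * int(m.group(2)) * UNIT_SECONDS[m.group(3)]

def lint_stanza(name, stanza):
    findings = []
    e_raw, l_raw = stanza.get("earliest", "now"), stanza.get("latest", "now")
    early, late = offset_seconds(e_raw), offset_seconds(l_raw)
    if early is not None and late is not None and early > late:
        findings.append(f"[{name}] earliest = {e_raw} falls after latest = {l_raw}")
    if stanza.get("outputMode") != "httpevent":
        return findings
    try:
        servers = json.loads(stanza.get("httpeventServers", ""))["servers"]
    except (ValueError, KeyError, TypeError) as exc:
        return findings + [f"[{name}] httpeventServers is unusable: {exc!r}"]
    for srv in servers:
        # The four keys shown in the issue's server entry.
        missing = [k for k in ("protocol", "address", "port", "key") if not srv.get(k)]
        if missing:
            findings.append(f"[{name}] server entry lacks {missing}")
        if srv.get("protocol") == "http":
            findings.append(f"[{name}] {srv.get('address')}:{srv.get('port')} uses http: the HEC "
                            "token is sent unencrypted, and an SSL-enabled HEC will not accept it")
    return findings

def lint_conf(text):
    cp = configparser.RawConfigParser(delimiters=("=",))
    cp.optionxform = str  # keep key case (outputMode, httpeventServers)
    cp.read_string(text)
    return [f for name in cp.sections() for f in lint_stanza(name, dict(cp[name]))]
```

Running `lint_conf` on the sample reports both the `earliest` ordering and the `http` server entry; with `earliest = -5s` and `"protocol":"https"` it returns an empty list.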