Eventgen allows an app developer to describe, through configuration or code, the events to generate. This lets the developer get events into Splunk to test their applications. Eventgen is used internally at Splunk for developing numerous applications and demos. It provides a somewhat ridiculous amount of configurability to allow users to simulate real data. Developers provide an eventgen.conf file and a set of sample files. The eventgen.conf file describes the configuration settings for each sample and a set of token replacements, each of which matches a regular expression and offers a number of methods of substituting data. Samples can run in one of three ways: sample mode, which takes a number of events from the file and sends them to Splunk after substitution; replay mode, which runs through the file sequentially and emits events in the time order in which they occurred, waiting the amount of time between events before emitting the next one; or custom generators, where the developer writes Python code to generate events.