-
-
-
-
-
-
Demoing uberAgent With the Event Generator for Splunk
-
Data Distribution and Separation (Routing to Multiple Backends)
This content has been machine translated dynamically.
Dieser Inhalt ist eine maschinelle Übersetzung, die dynamisch erstellt wurde. (Haftungsausschluss)
Cet article a été traduit automatiquement de manière dynamique. (Clause de non responsabilité)
Este artículo lo ha traducido una máquina de forma dinámica. (Aviso legal)
此内容已经过机器动态翻译。 放弃
このコンテンツは動的に機械翻訳されています。免責事項
이 콘텐츠는 동적으로 기계 번역되었습니다. 책임 부인
Este texto foi traduzido automaticamente. (Aviso legal)
Questo contenuto è stato tradotto dinamicamente con traduzione automatica.(Esclusione di responsabilità))
This article has been machine translated.
Dieser Artikel wurde maschinell übersetzt. (Haftungsausschluss)
Ce article a été traduit automatiquement. (Clause de non responsabilité)
Este artículo ha sido traducido automáticamente. (Aviso legal)
この記事は機械翻訳されています.免責事項
이 기사는 기계 번역되었습니다.책임 부인
Este artigo foi traduzido automaticamente.(Aviso legal)
这篇文章已经过机器翻译.放弃
Questo articolo è stato tradotto automaticamente.(Esclusione di responsabilità))
Translation failed!
Demoing uberAgent With the Event Generator for Splunk
Demonstrating uberAgent can be a bit difficult if you do not have a few dozen machines with live users available. To simplify demos, we offer an event generator that simulates an active environment with various hosts and users.
Architecture
Starting with uberAgent version 6, the Splunk event generator dependency was removed and uberAgent event generator is a single Splunk app. When Splunk is started, a .NET program generates sample data. By default sample data for two hours is generated. If you want to generate additional sample data, you can either restart the Splunk service after 2 hours, or modify the uAEventGen.conf.json file (see section "Advanced configuration").
The Splunk app can be used on Windows, Linux, and on macOS-based Splunk installations. Single server setups and distributed deployments are fully supported. The standard installation sends the data to a local Splunk instance using the TCP port 19500.
Installation
.NET 7
As of uberAgent version 7.1, .NET 7.0 is a prerequisite that must be installed on the same server where Splunk is installed. In the case of a distributed environment, .NET 7 must be installed on the same Splunk indexers where you want to install the uberAgent event generator Splunk app.
You can download .NET 7.0 here.
uberAgent Event Generator
Install the uberAgent event generator on one of the indexers. If you have a single Splunk server, install the event generator on that server.
- Download the uberAgent event generator (find out what’s new in the changelog)
- On the Splunk server navigate to Manage apps
- Click Install app from file
- Select the archive you downloaded earlier and click Upload
- Restart Splunk
That’s it. The event generator starts generating events right after Splunk has been restarted. It will continue to do so for approx. 2 hours and then stop on its own. Just what you need for a demo. To re-enable restart Splunk again.
Configuration
Enabling or Disabling the Event Generator
To enable or disable the uberAgent event generator:
- On the Splunk server where the uberAgent event generator app is installed navigate to Manage apps
- Locate the uberAgent event generator app and click on enable or disable
- Restart Splunk
Advanced Configuration
The default configuration should work for a single instance Splunk environment. If you have a distributed Splunk environment or you want to generate different generated sample data, you can
modify the configuration file uAEventGen.conf.json which is located %Splunkhome%/etc/apps/uberAgent_eventgenerator/bin/uAEventGenBinaries/your platform. On a Linux system, for example, this would be: /opt/splunk/etc/apps/uberAgent_eventgenerator/bin/uAEventGenBinaries/Linux
The file contains full documentation of all possible configuration options.
Running Event Generator on macOS ARM
The Eventgen binaries are currently not signed with any certificate. MacOS on an ARM CPU requires a valid certificate otherwise the executable is terminated/killed directly after process startup. In order to start the event generator on a macOS run the following command:
codesign -s "-" /opt/splunk/etc/apps/uberAgent_eventgenerator/bin/uAEventGenBinaries/macOS/uAEventGen
The command adds an ad-hoc certificate to the executed binary.
Share
Share
In this article
This Preview product documentation is Citrix Confidential.
You agree to hold this documentation confidential pursuant to the terms of your Citrix Beta/Tech Preview Agreement.
The development, release and timing of any features or functionality described in the Preview documentation remains at our sole discretion and are subject to change without notice or consultation.
The documentation is for informational purposes only and is not a commitment, promise or legal obligation to deliver any material, code or functionality and should not be relied upon in making Citrix product purchase decisions.
If you do not agree, select I DO NOT AGREE to exit.