Skip to main content

vast limits GmbH and uberAgent are now part of Citrix, a business unit of Cloud Software Group. Learn more at Citrix.com.


This documentation does not apply to the most recent version of uberAgent. Click here for the latest version.

Demoing uberAgent With the Event Generator for Splunk

Demonstrating uberAgent can be a bit difficult if you do not have a few dozen PCs or XenApp servers available. To simplify this, we offer an event generator that simulates a terminal server farm with 50 active servers and 25 user sessions each.

Architecture

The uberAgent event generator is based on Splunk’s event generator app. Splunk’s generator contains the logic, uberAgent’s generator contains the sample data. They are packaged as individual Splunk apps.

Both apps can be used on Windows and on Linux based Splunk installations. Single server setups and distributed deployments are fully supported.

Installation

Splunk Event Generator

If you have a distributed Splunk environment, install the event generator on one of the indexers. If you have a single Splunk server, install the event generator on that server.

  • Download the generator as a Zip file from GitHub
  • On the Splunk server navigate to Manage apps
  • Click Install app from file (video instructions)
  • Select the archive you downloaded earlier and click Upload

Splunk’s event generator (version from 2017-01-24) sometimes introduces a delay when sending events to Splunk, which can lead to unexpected behavior when viewing data on uberAgent’s dashboards. To fix this make a change to the file $SPLUNK_HOME/etc/apps/eventgen-master/lib/eventgentimer.py. In line 214 replace the two lines

self.countdown -= self.time
time.sleep(self.time)

with

time.sleep(self.countdown)
self.countdown = 0

After saving the updated file restart Splunk.

uberAgent Event Generator

Install the uberAgent event generator on the same server on which you installed Splunk’s event generator.

  • Download the uberAgent event generator (find out what’s new in the changelog)
  • On the Splunk server navigate to Manage apps
  • Click Install app from file
  • Select the archive you downloaded earlier and click Upload
  • Restart Splunk

That’s it. The event generator starts generating events right after Splunk has been restarted. It will continue to do so for approx. 3 hours and then stop on its own. Just what you need for a demo. To re-enable restart Splunk again.

Configuration

Enabling or Disabling the Event Generator

To enable or disable the uberAgent event generator:

  1. On the Splunk server where the uberAgent event generator app is installed navigate to Manage apps
  2. Locate the uberAgent event generator app and click on enable or disable
  3. Restart Splunk

Advanced Configuration

The uberAgent event generator app is configurable through the configuration file eventgen.conf. The default configuration should work for all Splunk environments, but can be modified if necessary. A detailed description of all possible options can be found on GitHub.

Comments

Your email address will not be published. Required fields are marked *