Demoing uberAgent With the Event Generator for Splunk
Demonstrating uberAgent can be a bit difficult if you do not have a few dozen machines with live users available. To simplify demos, we offer an event generator that simulates an RDSH site with 5 active servers and 10 user sessions each.
Starting with uberAgent version 6, the Splunk event generator dependency was removed and uberAgent event generator is a single Splunk app. When Splunk is started, a .NET Core program generates sample data. By default sample data for two hours is generated. If you want to generate additional sample data, you can either restart the Splunk service after 2 hours, or modify the
uAEventGen.conf file (see section “Advanced configuration”).
The Splunk app can be used on Windows, Linux, and on macOS-based Splunk installations. Single server setups and distributed deployments are fully supported. The standard installation sends the data to a local Splunk instance using the TCP port 19500.
As of uberAgent version 6, .NET Core is a prerequisite that must be installed on the same server where Splunk is installed. In the case of a distributed environment, .NET Core must be installed on the same Splunk indexers where you want to install the uberAgent event generator Splunk app.
You can download .NET Core here.
Install the uberAgent event generator on one of the indexers. If you have a single Splunk server, install the event generator on that server.
- Download the uberAgent event generator (find out what’s new in the changelog)
- On the Splunk server navigate to Manage apps
- Click Install app from file
- Select the archive you downloaded earlier and click Upload
- Restart Splunk
That’s it. The event generator starts generating events right after Splunk has been restarted. It will continue to do so for approx. 2 hours and then stop on its own. Just what you need for a demo. To re-enable restart Splunk again.
To enable or disable the uberAgent event generator:
- On the Splunk server where the uberAgent event generator app is installed navigate to Manage apps
- Locate the uberAgent event generator app and click on enable or disable
- Restart Splunk
The default configuration should work for a single instance Splunk environment. If you have a distributed Splunk environment or you want to generate different generated sample data, you can
modify the configuration file
uAEventGen.conf which is located
The file contains full documentation of all possible configuration options.