├── .circleci └── config.yml ├── .editorconfig ├── .flake8 ├── .github ├── CODEOWNERS └── ISSUE_TEMPLATE │ ├── bug-report.md │ └── feature_request.md ├── .gitignore ├── CONTRIBUTING.md ├── LICENSE ├── Makefile ├── README.md ├── dockerfiles ├── Dockerfile ├── entrypoint.sh └── sshd_config ├── docs ├── .gitignore ├── ARCHITECTURE.md ├── BASICS.md ├── CHANGELOG.md ├── CONFIGURE.md ├── CONTRIBUTE.md ├── CONTRIBUTE_CODE.md ├── FILE_ISSUES.md ├── Gemfile ├── Gemfile.lock ├── PERFORMANCE.md ├── PLUGINS.md ├── REFERENCE.md ├── SETUP.md ├── SUMMARY.md ├── TUTORIAL.md ├── UPGRADE.md ├── _config.yml ├── images │ ├── splunk_web_sa_eventgen.png │ └── splunk_web_sa_eventgen_modinput.png └── index.md ├── poetry.lock ├── pyproject.toml ├── release_tool ├── README.md └── prepare_release_branch.py ├── run_tests.py ├── splunk_eventgen ├── README │ ├── default.meta.example │ ├── eventgen-standalone.conf.tutorial1 │ ├── eventgen-standalone.conf.tutorial2 │ ├── eventgen-standalone.conf.tutorial3 │ ├── eventgen.conf.example │ ├── eventgen.conf.tutorial0 │ ├── eventgen.conf.tutorial1 │ ├── eventgen.conf.tutorial2 │ ├── eventgen.conf.tutorial3 │ └── eventgen.conf.tutorial4 ├── __init__.py ├── __main__.py ├── default │ └── eventgen.conf ├── eventgen_api_server │ ├── eventgen_controller.py │ ├── eventgen_controller_api.py │ ├── eventgen_core_object.py │ ├── eventgen_server.py │ ├── eventgen_server_api.py │ └── redis_connector.py ├── eventgen_core.py ├── identitygen.py ├── lib │ ├── __init__.py │ ├── eventgen_defaults │ ├── eventgenconfig.py │ ├── eventgenexceptions.py │ ├── eventgenoutput.py │ ├── eventgensamples.py │ ├── eventgentimer.py │ ├── eventgentimestamp.py │ ├── eventgentoken.py │ ├── generatorplugin.py │ ├── logging_config │ │ └── __init__.py │ ├── outputcounter.py │ ├── outputplugin.py │ ├── plugins │ │ ├── __init__.py │ │ ├── generator │ │ │ ├── __init__.py │ │ │ ├── counter.py │ │ │ ├── default.py │ │ │ ├── jinja.py │ │ │ ├── perdayvolumegenerator.py │ │ │ ├── replay.py │ │ │ 
├── weblog.py │ │ │ └── windbag.py │ │ ├── output │ │ │ ├── __init__.py │ │ │ ├── awss3.py │ │ │ ├── counter.py │ │ │ ├── devnull.py │ │ │ ├── file.py │ │ │ ├── httpevent.py │ │ │ ├── httpevent_core.py │ │ │ ├── metric_httpevent.py │ │ │ ├── modinput.py │ │ │ ├── s2s.py │ │ │ ├── scsout.py │ │ │ ├── splunkstream.py │ │ │ ├── spool.py │ │ │ ├── stdout.py │ │ │ ├── syslogout.py │ │ │ ├── tcpout.py │ │ │ └── udpout.py │ │ └── rater │ │ │ ├── __init__.py │ │ │ ├── backfill.py │ │ │ ├── config.py │ │ │ ├── counter.py │ │ │ └── perdayvolume.py │ ├── raterplugin.py │ ├── requirements.txt │ └── timeparser.py ├── logs │ └── __init__ ├── samples │ ├── anomalous.hostname.sample │ ├── anomalous.ip_address.sample │ ├── anomalous.mac_address.sample │ ├── artIDs.sample │ ├── artists.sample │ ├── city.state.zipcode │ ├── dist.all.last │ ├── dist.female.first │ ├── dist.male.first │ ├── external_ips.sample │ ├── firstNames.sample │ ├── hostname.sample │ ├── iana_domains.sample │ ├── internal_ips.sample │ ├── ip_address.sample │ ├── lastNames.sample │ ├── linux_arch.sample │ ├── mac_address.sample │ ├── malicious_domains.sample │ ├── markets.sample │ ├── mdn.sample │ ├── networkProvider.sample │ ├── oracle11.action.sample │ ├── oracleUserNames.sample │ ├── orderType.sample │ ├── orig.sample.mobilemusic.csv │ ├── phones.sample │ ├── plans.sample │ ├── radPIDs.sample │ ├── radhosts.sample │ ├── random_domains.sample │ ├── sample.businessevent │ ├── sample.mobilemusic │ ├── sample.mobilemusic.csv │ ├── sample.tutorial0 │ ├── sample.tutorial1 │ ├── sample.tutorial2 │ ├── sample.tutorial3 │ ├── sample.tutorial4 │ ├── searchArtists.sample │ ├── sha1_checksums.sample │ ├── states │ ├── states.abbrev │ ├── street.types │ ├── streetNames.sample │ ├── streetSuffixes.sample │ ├── streets │ ├── trackIDs.sample │ ├── transType.sample │ ├── uris.sample │ ├── userHostIp.sample │ ├── userName.sample │ ├── useragents.sample │ ├── useragents_desktop.sample │ ├── useragents_mobile.sample │ ├── 
vmware-actuals-guest-aggregate.csv │ ├── vmware-actuals-guest-instance.csv │ ├── vmware-actuals-guest.csv │ ├── vmware-actuals-host-aggregate.csv │ ├── vmware-actuals-host-instance.csv │ ├── vmware-actuals-host.csv │ ├── vmware-fields.csv │ ├── vmware-hierarchy.csv │ ├── vmware-inventory.csv │ ├── vmware-migration.csv │ ├── vmware-perf-guest-aggregate.csv │ ├── vmware-perf-guest-instance.csv │ ├── vmware-perf-host-aggregate.csv │ ├── vmware-perf-host-instance.csv │ ├── vmware-perf.csv │ ├── webhosts.sample │ └── windbag └── splunk_app │ ├── LICENSE │ ├── README.md │ ├── README │ ├── eventgen.conf.spec │ └── inputs.conf.spec │ ├── bin │ ├── .gitignore │ ├── __init__.py │ └── modinput_eventgen.py │ ├── default │ ├── app.conf │ ├── data │ │ └── ui │ │ │ └── nav │ │ │ └── default.xml │ ├── distsearch.conf │ ├── distsearch.conf.windows │ ├── inputs.conf │ ├── props.conf │ └── transforms.conf │ ├── lib │ ├── __init__.py │ ├── mod_input │ │ ├── __init__.py │ │ └── fields.py │ └── xmloutput.py │ ├── metadata │ └── default.meta │ └── static │ ├── appIcon.png │ └── appIcon_2x.png └── tests ├── .coveragerc ├── .gitignore ├── large ├── README.md ├── conf │ ├── eventgen_extend_index.conf │ ├── eventgen_jinja_advance.conf │ ├── eventgen_jinja_simple.conf │ ├── eventgen_jinja_tmpl_dir.conf │ ├── eventgen_output_modinput.conf │ ├── eventgen_perdayvolume.conf │ ├── eventgen_perdayvolume_large_token.conf │ ├── eventgen_perdayvolume_small_token.conf │ ├── eventgen_plugin_devnull.conf │ ├── eventgen_plugin_file.conf │ ├── eventgen_plugin_httpevent.conf │ ├── eventgen_plugin_s2s.conf │ ├── eventgen_plugin_splunkstream.conf │ ├── eventgen_plugin_spool.conf │ ├── eventgen_replay.conf │ ├── eventgen_replay_backfill.conf │ ├── eventgen_replay_backfill_greater_interval.conf │ ├── eventgen_replay_csv.conf │ ├── eventgen_replay_csv_with_tz.conf │ ├── eventgen_replay_end_1.conf │ ├── eventgen_replay_end_2.conf │ ├── eventgen_replay_timeMultiple.conf │ ├── eventgen_sample.conf │ ├── 
eventgen_sample_backfill.conf │ ├── eventgen_sample_breaker.conf │ ├── eventgen_sample_count.conf │ ├── eventgen_sample_csv.conf │ ├── eventgen_sample_earliest.conf │ ├── eventgen_sample_end.conf │ ├── eventgen_sample_generatorWorkers.conf │ ├── eventgen_sample_interval.conf │ ├── eventgen_sample_latest.conf │ ├── eventgen_sample_multiprocess.conf │ ├── eventgen_sample_regex_csv.conf │ ├── eventgen_sample_regex_integer.conf │ ├── eventgen_sample_regex_wildcard.conf │ ├── eventgen_token_replacement.conf │ └── eventgen_tutorial1.conf ├── conftest.py ├── provision │ ├── Dockerfile │ ├── add_httpevent_collector.sh │ ├── docker-compose.yml │ ├── install_docker_compose.sh │ └── provision.sh ├── results │ └── __init__.py ├── sample │ ├── breakersample │ ├── cisco │ ├── city.csv │ ├── cp.csv │ ├── film.json │ ├── id.csv │ ├── ip.csv │ ├── replay │ ├── sample │ ├── sample1 │ ├── sample2 │ ├── templates │ │ ├── test_jinja_tmpl_advance.j2 │ │ └── test_jinja_tmpl_simple.j2 │ ├── templates_4_test │ │ └── test_jinja_tmpl_dir.j2 │ ├── timeorder.csv │ ├── timeorderXcsv │ ├── timeorder_regex.csv │ ├── timezone.csv │ ├── tokenreplacement.sample │ └── tutorial1.csv ├── splunk │ ├── __init__.py │ ├── appserver │ │ ├── __init__.py │ │ └── mrsparkle │ │ │ ├── __init__.py │ │ │ └── lib │ │ │ ├── __init__.py │ │ │ └── util.py │ ├── clilib │ │ ├── __init__.py │ │ ├── bundle_paths.py │ │ └── cli_common.py │ ├── entity.py │ ├── input.xml │ ├── models │ │ ├── __init__.py │ │ └── app.py │ └── version.py ├── test_eventgen_orchestration.py ├── test_extend_index.py ├── test_jinja_template.py ├── test_mode_replay.py ├── test_mode_sample.py ├── test_mode_sample_multiprocess.py ├── test_modular_input.py ├── test_output_modinput.py ├── test_output_plugin.py ├── test_perdayvolume.py ├── test_token_replacement.py └── utils │ ├── __init__.py │ ├── eventgen_test_helper.py │ └── splunk_search_util.py ├── medium └── plugins │ ├── test_file_output.py │ ├── test_jinja_generator.py │ ├── test_scs_output.py │ 
├── test_syslog_output.py │ ├── test_syslog_output_with_header.py │ ├── test_tcp_output.py │ └── test_udp_output.py ├── perf ├── eventgen.conf.test1 ├── eventgen.conf.test2 ├── eventgen.conf.test3 └── samples │ └── windbag-5-tokens ├── sample_bundle.zip ├── sample_eventgen_conf ├── autotimestamp │ └── eventgen.conf.autotimestamp ├── backfill │ ├── eventgen.conf.backfillend │ ├── eventgen.conf.backfillreplay │ └── eventgen.conf.backfillsample ├── breakersample │ ├── breakersample │ ├── eventgen.conf.breakersample │ └── eventgen.conf.randombreakersample ├── bundlelines │ ├── csv │ ├── eventgen.conf.bundlelinescsv │ ├── eventgen.conf.bundlelinesraw │ └── raw ├── counter │ └── eventgen.conf.counter ├── eventgen.conf.test1 ├── httpevent │ └── eventgen.conf.httpevent ├── jinja │ ├── eventgen.conf.jinja │ ├── eventgen.conf.jinja_basic │ ├── eventgen.conf.jinja_example │ ├── eventgen.conf.jinja_time_examples │ └── templates │ │ ├── CxlRejReason.template │ │ ├── OrdRejReason_103.template │ │ ├── count_test.template │ │ ├── examples │ │ ├── test_jinja_advanced.template │ │ ├── test_jinja_advanced_extension.template │ │ └── trans_jinja.template │ │ ├── filled_order_cancel.template │ │ ├── fix_includes.template │ │ ├── fix_tags │ │ ├── import_test.template │ │ ├── new_order_with_fill.template │ │ ├── new_order_with_fill_times.template │ │ ├── order_cancel_request.template │ │ ├── order_errors.template │ │ ├── order_over_max.template │ │ ├── random_slice.template │ │ ├── random_slice_count.template │ │ ├── test_event.template │ │ ├── test_event2.template │ │ ├── test_event3.template │ │ ├── test_jinja.template │ │ ├── test_jinja_advanced.template │ │ ├── test_jinja_advanced_extension.template │ │ ├── test_jinja_basic.template │ │ ├── test_jinja_loop.template │ │ ├── test_jinja_timeexamples.template │ │ ├── test_jinja_timeslice 2.template │ │ ├── test_jinja_timeslice.template │ │ └── timeslice_examples.template ├── largerconfig │ └── eventgen.conf.largerconfig ├── medium_test │ 
├── eventgen.conf.fileoutput │ ├── eventgen.conf.scsoutput │ ├── eventgen.conf.syslogoutput │ ├── eventgen.conf.syslogoutputwithheader │ ├── eventgen.conf.tcpoutput │ └── eventgen.conf.udpoutput ├── perdayvolume │ ├── eventgen.conf.perdayvolume │ ├── eventgen.conf.perdayvolumesinglerun │ └── perdayvolume ├── perf │ ├── eventgen.conf.perfsample │ ├── eventgen.conf.perfsampleweblog │ ├── eventgen.conf.perfsampleweblog-s2s │ ├── eventgen.conf.perfweblog │ ├── eventgen.conf.perfwindbag │ └── weblog │ │ ├── #items.sample# │ │ ├── WoCInGameActions │ │ ├── actions.sample │ │ ├── cheeseMen.sample │ │ ├── cheeseWomen.sample │ │ ├── external_ips.sample │ │ ├── game.sample │ │ ├── gameservers.sample │ │ ├── guids.sample │ │ ├── items.sample │ │ ├── menCustomerIds.sample │ │ ├── platforms.sample │ │ ├── sample.BSDInGameActions │ │ ├── sample.CheeseProductionMen │ │ ├── sample.CheeseProductionWomen │ │ ├── sample.DreamCrusherInGameActions │ │ ├── sample.PvZInGameActions │ │ ├── sample.WoCInGameActions │ │ ├── sample.platform │ │ ├── sample.shoppingapacheBrowse │ │ ├── sample.shoppingapacheCart │ │ ├── sample.shoppingapachePurchase │ │ ├── sample.vendors │ │ ├── useragents.sample │ │ ├── webhosts.sample │ │ ├── webserverstatus.sample │ │ └── womenCustomerIds.sample ├── replay │ ├── badtimestamp │ ├── eventgen.conf.badtimestamp │ ├── eventgen.conf.replay │ ├── eventgen.conf.timeorder │ ├── replay │ └── timeorder.csv ├── replaytimestamp │ ├── eventgen.conf.replaytimestamp │ └── sample.mobilemusic.csv ├── sample │ ├── eventgen.conf.epochtime │ ├── eventgen.conf.fullsample │ ├── eventgen.conf.longsample │ ├── eventgen.conf.notoken │ ├── eventgen.conf.randomsample │ ├── eventgen.conf.shortsample │ └── sample ├── scsout │ ├── eventgen.conf │ └── splunk_cloud_platform_events.txt ├── splitsample │ └── eventgen.conf.splitcounter ├── test1 │ ├── categories.sample │ ├── items.sample │ ├── products.sample │ ├── shoppingactions.sample │ ├── useragents.sample │ ├── webhosts.sample │ └── 
webserverstatus.sample ├── unit │ └── eventgen.conf.config └── windbag │ ├── eventgen.conf.windbag │ └── eventgen.conf.windbag.end ├── sample_jinja_addon.zip ├── small └── test_main.py ├── test-reports └── .placeholder └── unit ├── conftest.py ├── test_eventgenconfig.py └── test_timeparser.py /.circleci/config.yml: -------------------------------------------------------------------------------- 1 | # Python CircleCI 2.0 configuration file 2 | # 3 | # Check https://circleci.com/docs/2.0/language-python/ for more details 4 | # 5 | version: 2 6 | jobs: 7 | test_eventgen: 8 | machine: 9 | image: circleci/classic:201808-01 10 | steps: 11 | - checkout 12 | - run: 13 | name: Enable Py3 14 | command: | 15 | pyenv global 3.7.0 16 | - run: 17 | name: Run Flake8 Code Lint 18 | command: | 19 | set -e 20 | pip install "flake8>=3.7.7" 21 | make lint-all 22 | - run: 23 | name: Check Code Format 24 | command: | 25 | set -e 26 | pip install "black>=20.8b1" "isort>=5.4.2" 27 | make format-check 28 | - run: 29 | name: Run Tests 30 | command: | 31 | pip3 install --upgrade pip 32 | pip3 install poetry 33 | set -e 34 | make test 35 | no_output_timeout: 30m 36 | 37 | - store_test_results: 38 | path: /home/circleci/project/tests/test-reports 39 | - store_artifacts: 40 | path: /home/circleci/project/tests/test-reports 41 | - store_artifacts: 42 | path: /home/circleci/project/htmlcov 43 | 44 | workflows: 45 | version: 2 46 | run_tests: 47 | jobs: 48 | - test_eventgen 49 | -------------------------------------------------------------------------------- /.editorconfig: -------------------------------------------------------------------------------- 1 | # EditorConfig helps developers define and maintain consistent 2 | # coding styles between different editors and IDEs 3 | # http://editorconfig.org 4 | 5 | root = true 6 | 7 | [*] 8 | # We recommend you to keep these unchanged 9 | end_of_line = lf 10 | charset = utf-8 11 | trim_trailing_whitespace = true 12 | insert_final_newline = true 13 | 14 
| [*.py] 15 | indent_style = space 16 | indent_size = 4 17 | 18 | [Makefile] 19 | indent_style = tab 20 | -------------------------------------------------------------------------------- /.flake8: -------------------------------------------------------------------------------- 1 | [flake8] 2 | exclude = .git,.tox,__pycache__,env,venv,build 3 | max-line-length = 120 4 | extend-ignore = E203,E121,E123,E126,E226,E24,E704,W503,W504,E722,E731,W605 5 | # Includes default ignores, E722 (bare excepts), E731 (lambda usage), and W605 (escape sequences) 6 | -------------------------------------------------------------------------------- /.github/CODEOWNERS: -------------------------------------------------------------------------------- 1 | * @lephino @arctan5x @jmeixensperger @GordonWang @li-wu 2 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/bug-report.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Bug report 3 | about: Provide the details of the bug to us in order to further triage and fix 4 | title: "[BUG]" 5 | labels: bug 6 | assignees: lephino, arctan5x, jmeixensperger, li-wu, GordonWang 7 | 8 | --- 9 | 10 | **Describe the bug** 11 | A clear and concise description of what the bug is. 12 | 13 | **To Reproduce** 14 | Steps to reproduce the behavior: 15 | 1. Go to '...' 16 | 2. Click on '....' 17 | 3. Scroll down to '....' 18 | 4. See error 19 | 20 | **Expected behavior** 21 | A clear and concise description of what you expected to happen. 22 | 23 | **Actual behavior** 24 | A clear and concise description of what happens after doing the reproduce steps. 25 | 26 | **Screenshots** 27 | If applicable, add screenshots to help explain your problem. 
28 | 29 | **Sample files and eventgen.conf file** 30 | Please attach your sample files and eventgen.conf file (redact any credentials or tokens they contain first). 31 | 32 | **Do you run eventgen with SA-eventgen?** 33 | Yes/No (No means you run eventgen in pip module mode) 34 | 35 | **If you are using SA-Eventgen with Splunk (please complete the following information):** 36 | - OS: [e.g. Windows/Mac OS 10.14] 37 | - Browser [e.g. chrome, safari] 38 | - Eventgen Version [e.g. 22] 39 | - Splunk Version [e.g. 7.1.3] 40 | - What other apps do you have installed in Splunk etc/apps? 41 | 42 | **If you are using eventgen with pip module mode (please complete the following information):** 43 | - python version: [e.g. 2.6] 44 | - OS: [e.g. Windows10] 45 | - Virtual Env is used: Yes/No 46 | - Eventgen Version [e.g. 6.3.2] 47 | 48 | **Additional context** 49 | Add any other context about the problem here. 50 | -------------------------------------------------------------------------------- /.github/ISSUE_TEMPLATE/feature_request.md: -------------------------------------------------------------------------------- 1 | --- 2 | name: Feature request 3 | about: Suggest an idea or improvement for this project 4 | title: "[FEATURE/IMPROVEMENT]" 5 | labels: enhancement 6 | assignees: lephino, arctan5x, jmeixensperger, li-wu, GordonWang 7 | 8 | --- 9 | 10 | **Is your feature request related to a problem? Please describe.** 11 | A clear and concise description of what the problem is. Ex. I'm always frustrated when [...] 12 | 13 | **Describe the solution you'd like** 14 | A clear and concise description of what you want to happen. What is the expected behavior of eventgen that would help you resolve this problem? 15 | 16 | **Describe alternatives you've considered** 17 | A clear and concise description of any alternative solutions or features you've considered. 18 | 19 | **Additional context** 20 | Add any other context or screenshots about the feature request here. 
21 | -------------------------------------------------------------------------------- /.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | .DS_Store 3 | build 4 | .build 5 | .project 6 | .pydevproject 7 | *.iml 8 | .idea/ 9 | *.spl 10 | eventgen.spl 11 | package.json 12 | package-lock.json 13 | node_modules 14 | cached_build_info.properties 15 | local.build.properties 16 | stage/ 17 | local/ 18 | eventgen_wsgi.conf 19 | *.log 20 | *.egg-info 21 | **/*.tgz 22 | .cache 23 | *.xml 24 | !tests/large/splunk/input.xml 25 | !splunk_eventgen/splunk_app/default/data/ui/nav/default.xml 26 | dist 27 | _book 28 | *.result 29 | venv/* 30 | eventgenEnv/* 31 | *.log.* 32 | splunk_eventgen-*/ 33 | .env 34 | .vscode 35 | htmlcov/* 36 | 37 | -------------------------------------------------------------------------------- /CONTRIBUTING.md: -------------------------------------------------------------------------------- 1 | # Contributing 2 | 3 | When contributing to this repository, please read over the [contributing document](http://splunk.github.io/eventgen/CONTRIBUTE.html). [Create an issue](http://splunk.github.io/eventgen/FILE_ISSUES.html) to discuss your request, and follow the [guidelines](http://splunk.github.io/eventgen/CONTRIBUTE_CODE.html) to make the code change. 4 | 5 | Please note we have a [code of conduct](http://splunk.github.io/eventgen/CONTRIBUTE.html#code-of-conduct); please follow it in all your interactions with the project. 
6 | 7 | 8 | ### Past / Active(marked as *) Contributors 9 | bbingham* 10 | arctan5x* 11 | jmeixensperger* 12 | li-wu* 13 | GordonWang* 14 | coccyx 15 | Jaykul 16 | allanwsplk 17 | mikedickey 18 | zenmoto 19 | svakkalanka 20 | soniageorge 21 | kyanite 22 | LukeMurphey 23 | shakeelmohamed 24 | 25 | -------------------------------------------------------------------------------- /README.md: -------------------------------------------------------------------------------- 1 | # Splunk Event Generator (Eventgen) 2 | 3 | ### Status 4 | [![CircleCI](https://circleci.com/gh/splunk/eventgen/tree/develop.svg?style=svg&circle-token=15e952a75e368102d8cebc6d9445af87e6c7d57e)](https://circleci.com/gh/splunk/eventgen/tree/develop) 5 | 6 | ### Introduction 7 | 8 | Splunk Event Generator is a utility that helps users easily build real-time event generators. 9 | The current maintainers of this project are Brian Bingham (bbingham@splunk.com), Tony Lee (tonyl@splunk.com), and Jack Meixensperger (jackm@splunk.com). 10 | 11 | The goals of this project: 12 | 13 | * Eliminate the need for hand-coded event generators in Splunk apps 14 | * Allow for portability of event generators between applications and allow templates to be quickly adapted between use cases 15 | * Allow every type of events or transactions to be modeled inside Eventgen 16 | 17 | ### Downloading a Splunk Eventgen App 18 | 19 | Please go to [splunkbase-Eventgen](https://splunkbase.splunk.com/app/1924/#/overview) 20 | 21 | ### Documentation 22 | 23 | Documentation is hosted at [Eventgen Documentation](http://splunk.github.io/eventgen/). 24 | 25 | ### Contributing 26 | 27 | Please note [CONTRIBUTING.md](CONTRIBUTING.md). 28 | 29 | ### License 30 | 31 | Splunk Event Generator is licensed under the Apache License 2.0. Details can be found in the [LICENSE](LICENSE) file. 32 | 33 | ### Support 34 | 35 | This software is released as-is. Splunk provides no warranty and no support on this software. 
36 | If you have any issues with the software, please read over the [guidelines](http://splunk.github.io/eventgen/FILE_ISSUES.md) and file an issue. 37 | -------------------------------------------------------------------------------- /dockerfiles/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM redis:5.0.5-alpine 2 | 3 | RUN apk --no-cache upgrade && \ 4 | apk add --no-cache --update \ 5 | python3 \ 6 | python3-dev \ 7 | python2-dev \ 8 | py2-pip \ 9 | gcc \ 10 | libc-dev \ 11 | libffi-dev \ 12 | openssl-dev \ 13 | libxml2-dev \ 14 | libxslt-dev \ 15 | bash \ 16 | sudo \ 17 | openssh \ 18 | tar \ 19 | acl \ 20 | g++ \ 21 | git \ 22 | curl && \ 23 | pip3 install --upgrade pip && \ 24 | rm -rf /tmp/* && \ 25 | rm -rf /var/cache/apk/* && \ 26 | ssh-keygen -f /etc/ssh/ssh_host_rsa_key -N '' -t rsa && \ 27 | mkdir -p /var/run/sshd && \ 28 | mkdir -p /root/.ssh && \ 29 | chmod 0700 /root/.ssh && \ 30 | passwd -u root && \ 31 | # install dependencies of conductor2 used by perf 32 | pip2 install filelock twisted requests queuelib ujson psutil crochet msgpack-python unidecode attrdict service_identity 33 | 34 | COPY dockerfiles/sshd_config /etc/ssh/sshd_config 35 | COPY dockerfiles/entrypoint.sh /sbin/entrypoint.sh 36 | COPY dist/splunk_eventgen*.tar.gz /root/splunk_eventgen.tgz 37 | RUN pip3 install /root/splunk_eventgen.tgz && \ 38 | rm /root/splunk_eventgen.tgz 39 | COPY pyproject.toml /usr/lib/python3.7/site-packages/splunk_eventgen/pyproject.toml 40 | COPY poetry.lock /usr/lib/python3.7/site-packages/splunk_eventgen/poetry.lock 41 | 42 | EXPOSE 2222 6379 9500 43 | RUN chmod a+x /sbin/entrypoint.sh 44 | WORKDIR /usr/lib/python3.7/site-packages/splunk_eventgen 45 | ENTRYPOINT ["/sbin/entrypoint.sh"] 46 | -------------------------------------------------------------------------------- /dockerfiles/entrypoint.sh: -------------------------------------------------------------------------------- 1 | #!/bin/bash 2 | 3 | set 
-e 4 | /usr/sbin/sshd 5 | 6 | if [ "$#" = 0 ]; then 7 | tail -F -n0 /etc/hosts && wait 8 | elif [ "$1" = "controller" ]; then 9 | redis-server & 10 | splunk_eventgen service --role controller & 11 | tail -F -n0 /etc/hosts && wait 12 | elif [ "$1" = "server" ]; then 13 | splunk_eventgen service --role server & 14 | tail -F -n0 /etc/hosts && wait 15 | elif [ "$1" = "standalone" ]; then 16 | splunk_eventgen service --role standalone & 17 | tail -F -n0 /etc/hosts && wait 18 | else 19 | "$@" 20 | fi -------------------------------------------------------------------------------- /dockerfiles/sshd_config: -------------------------------------------------------------------------------- 1 | Port 2222 2 | AcceptEnv LANG LANGUAGE XMODIFIERS LC_* RD_* 3 | AddressFamily any 4 | AllowAgentForwarding yes 5 | AllowTcpForwarding yes 6 | AuthorizedKeysFile %h/.ssh/authorized_keys 7 | ChallengeResponseAuthentication no 8 | Ciphers chacha20-poly1305@openssh.com,aes256-gcm@openssh.com,aes128-gcm@openssh.com,aes256-ctr,aes192-ctr,aes128-ctr 9 | ClientAliveInterval 180 10 | Compression delayed 11 | HostBasedAuthentication no 12 | HostKey /etc/ssh/ssh_host_rsa_key 13 | IgnoreRhosts yes 14 | IgnoreUserKnownHosts yes 15 | KexAlgorithms curve25519-sha256@libssh.org,ecdh-sha2-nistp521,ecdh-sha2-nistp384,ecdh-sha2-nistp256,diffie-hellman-group-exchange-sha256 16 | LogLevel INFO 17 | LoginGraceTime 30s 18 | MACs hmac-sha2-512-etm@openssh.com,hmac-sha2-256-etm@openssh.com,umac-128-etm@openssh.com,hmac-sha2-512,hmac-sha2-256,umac-128@openssh.com 19 | MaxAuthTries 5 20 | MaxSessions 128 21 | PasswordAuthentication no 22 | PermitEmptyPasswords no 23 | PermitRootLogin yes 24 | PermitTunnel yes 25 | PermitUserEnvironment no 26 | PidFile /var/run/sshd.pid 27 | PrintMotd no 28 | Protocol 2 29 | PubKeyAuthentication yes 30 | StrictModes no 31 | Subsystem sftp /usr/lib/ssh/sftp-server 32 | SyslogFacility AUTH 33 | TcpKeepalive yes 34 | UseDns no 35 | X11Forwarding yes 36 | 
-------------------------------------------------------------------------------- /docs/.gitignore: -------------------------------------------------------------------------------- 1 | _site 2 | -------------------------------------------------------------------------------- /docs/FILE_ISSUES.md: -------------------------------------------------------------------------------- 1 | # Filing Issues For Eventgen 2 | 3 | ## Reporting bugs 4 | 5 | 6 | If you think you've found a bug in eventgen, please [create a bug report](https://github.com/splunk/eventgen/issues/new/choose) on GitHub. 7 | 8 | 9 | For bugs, please choose the bug report template. Then, provide as much information as possible according to the template. If we need to triage issues and constantly ask people for more detail, that’s time taken away from actually fixing issues. Help us be as efficient as possible by including a lot of detail in your issues. 10 | 11 | **Note:** If you just have a question that won’t necessarily result in a change to eventgen, such as asking how something works or how to contribute, please use the Slack channel instead of filing an issue. 12 | 13 | 14 | ## Requesting changes 15 | 16 | 17 | If you want an enhancement or new feature that is not in the current eventgen release, please [create a feature request](https://github.com/splunk/eventgen/issues/new/choose) on GitHub. 18 | 19 | 20 | For change requests, please choose the feature request template. Then, provide as much information as possible according to the template. When creating a change request issue, please provide a clear description of the user scenario and the expected behavior, following the template. This saves time and avoids back-and-forth discussion. 
-------------------------------------------------------------------------------- /docs/Gemfile: -------------------------------------------------------------------------------- 1 | source 'https://rubygems.org' 2 | gem 'github-pages', group: :jekyll_plugins 3 | -------------------------------------------------------------------------------- /docs/SUMMARY.md: -------------------------------------------------------------------------------- 1 | # Eventgen 2 | 3 | * [Getting Started](SETUP.md) 4 | * [Install](SETUP.md) 5 | * [Configure](CONFIGURE.md) 6 | * [Tutorial](TUTORIAL.md) 7 | --- 8 | * [Basics](BASICS.md) 9 | * [Plugins](PLUGINS.md) 10 | * [Architecture](ARCHITECTURE.md) 11 | * [Performance](PERFORMANCE.md) 12 | * [Contributing](CONTRIBUTE.md) 13 | --- 14 | * [Reference](REFERENCE.md) 15 | * [eventgen.conf.spec](REFERENCE.md#eventgenconfspec) 16 | * [REST API Reference](REFERENCE.md#rest-api-reference) 17 | * [Changelog](CHANGELOG.md) 18 | -------------------------------------------------------------------------------- /docs/_config.yml: -------------------------------------------------------------------------------- 1 | theme: jekyll-theme-cayman 2 | plugins: 3 | - jemoji 4 | -------------------------------------------------------------------------------- /docs/images/splunk_web_sa_eventgen.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/docs/images/splunk_web_sa_eventgen.png -------------------------------------------------------------------------------- /docs/images/splunk_web_sa_eventgen_modinput.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/docs/images/splunk_web_sa_eventgen_modinput.png -------------------------------------------------------------------------------- /docs/index.md: 
-------------------------------------------------------------------------------- 1 | # What is Eventgen? 2 | 3 | Splunk Event Generator (Eventgen) is a utility that helps users easily build real-time event generators and eliminates the need for one-off, hard-coded event generators. 4 | 5 | **Eventgen features:** 6 | * Allows every type of events or transactions to be modeled 7 | * Allows users to quickly build robust configuration-based event generators without having to write code 8 | * Can be executed inside of Splunk (relying on a common event generation framework) as well as outside of Splunk 9 | * Event output can easily be directed to a Splunk input (modular inputs, HEC, etc.), a text file, or any REST endpoint in an extensible way 10 | * Easily configurable to make fake data look as real as possible, either by ordering events and token replacements by time of the day or by allowing generators to replay real data replacing current time by generating data exactly at the same time intervals as the original data 11 | * For scenarios in which simple token replacements do not work, developers can quickly build sophisticated event generators by writing a generator plugin module while re-using the rest of the framework 12 | 13 | ## Table of Contents 14 | 15 | * [Getting Started](SETUP.md) 16 | * [Install](SETUP.md#install) 17 | * [Configure](CONFIGURE.md) 18 | * [Upgrade](UPGRADE.md) 19 | * [Tutorial](TUTORIAL.md) 20 | * [Basics](BASICS.md) 21 | * [Plugins](PLUGINS.md) 22 | * [Architecture](ARCHITECTURE.md) 23 | * [Contribute](CONTRIBUTE.md) 24 | * [Performance](PERFORMANCE.md) 25 | * [Reference](REFERENCE.md) 26 | * [eventgen.conf.spec](REFERENCE.md#eventgenconfspec) 27 | * [REST API Reference](REFERENCE.md#rest-api-reference) 28 | * [Changelog](CHANGELOG.md) 29 | 30 | -------------------------------------------------------------------------------- /pyproject.toml: -------------------------------------------------------------------------------- 1 | [build-system] 2 
| requires = [ "poetry>=1.0.5",] 3 | build-backend = "poetry.masonry.api" 4 | 5 | [tool.poetry] 6 | name = "splunk_eventgen" 7 | version = "7.2.1" 8 | description = "Splunk Event Generator to produce real-time, representative data" 9 | authors = [ "Brian Bingham ", "Tony Lee ", "Jack Meixensperger ",] 10 | license = "Apache-2.0" 11 | readme = "README.md" 12 | documentation = "http://splunk.github.io/eventgen/" 13 | repository = "https://github.com/splunk/eventgen" 14 | keywords = [ "splunk", "eventgen", "container", "containers", "docker", "automation",] 15 | classifiers = [ "Development Status :: 5 - Production/Stable", "Intended Audience :: Developers", "Topic :: Software Development :: Libraries :: Python Modules", "Topic :: Software Development :: Build Tools", "Topic :: Software Development :: Testing", "Programming Language :: Python", "Programming Language :: Python :: 3.7",] 16 | [[tool.poetry.packages]] 17 | include = "splunk_eventgen" 18 | 19 | [tool.black] 20 | target-version = [ "py37",] 21 | include = "\\.pyi?$" 22 | exclude = "/(\n \\.git\n | \\.tox\n | \\.venv\n | build\n | dist\n)/\n" 23 | 24 | [tool.poetry.scripts] 25 | splunk_eventgen = "splunk_eventgen.__main__:main" 26 | 27 | [tool.poetry.dependencies] 28 | python = "^3.7" 29 | docker = "^3.7.3" 30 | pyOpenSSL = "^19.1.0" 31 | lxml = "^4.3.5" 32 | boto3 = "^1.12.45" 33 | requests = "^2.18.4" 34 | requests-futures = "1.0.0" 35 | redis = "3.3.10" 36 | Flask = "^1.0.3" 37 | ujson = "^2.0.3" 38 | PyYAML = "^5.3.1" 39 | jinja2 = "2.10.3" 40 | urllib3 = "1.24.2" 41 | httplib2 = "^0.17.2" 42 | importlib-metadata = "^1.0.0" 43 | 44 | [tool.poetry.dev-dependencies] 45 | pytest = "4.6.4" 46 | pytest-xdist = "^1.31.0" 47 | mock = "^4.0.2" 48 | pytest-cov = "^2.8.1" 49 | coverage = "4.5.4" 50 | pytest-mock = "^3.1.0" 51 | flake8 = "^3.8.3" 52 | black = "20.8b1" 53 | isort = "^5.4.2" 54 | -------------------------------------------------------------------------------- /release_tool/README.md: 
-------------------------------------------------------------------------------- 1 | # Release tool 2 | 3 | Use script to bump the release version and create the release PR to merge to develop branch. 4 | 5 | **Note: this script only works with python3.** 6 | 7 | - If you have generated your github access token, you can use the following command to bump versions and send PR automatically. 8 | ```bash 9 | python prepare_release_branch.py -v -n -a 10 | ``` 11 | 12 | - If the access token is not given, this script only is only used to bump the release version and push the commit to remote repo. You need to go to github web page to create your PR manually. 13 | ``` 14 | python prepare_release_branch.py -v -n 15 | ``` 16 | -------------------------------------------------------------------------------- /splunk_eventgen/README/default.meta.example: -------------------------------------------------------------------------------- 1 | 2 | # Application-level permissions 3 | [eventgen] 4 | access = read : [ * ], write : [ admin ] 5 | export = system -------------------------------------------------------------------------------- /splunk_eventgen/README/eventgen-standalone.conf.tutorial1: -------------------------------------------------------------------------------- 1 | [cisco.sample] 2 | interval = 15 3 | earliest = -15s 4 | latest = now 5 | count = 20 6 | hourOfDayRate = { "0": 0.8, "1": 1.0, "2": 0.9, "3": 0.7, "4": 0.5, "5": 0.4, "6": 0.4, "7": 0.4, "8": 0.4, "9": 0.4, "10": 0.4, "11": 0.4, "12": 0.4, "13": 0.4, "14": 0.4, "15": 0.4, "16": 0.4, "17": 0.4, "18": 0.4, "19": 0.4, "20": 0.4, "21": 0.4, "22": 0.5, "23": 0.6 } 7 | dayOfWeekRate = { "0": 0.7, "1": 0.7, "2": 0.7, "3": 0.5, "4": 0.5, "5": 1.0, "6": 1.0 } 8 | randomizeCount = 0.2 9 | randomizeEvents = true 10 | 11 | outputMode = file 12 | fileName = /tmp/ciscosample.log 13 | 14 | ## Replace timestamp Feb 4 07:52:53 15 | token.0.token = \w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2} 16 | token.0.replacementType = timestamp 
17 | token.0.replacement = %b %d %H:%M:%S -------------------------------------------------------------------------------- /splunk_eventgen/README/eventgen.conf.example: -------------------------------------------------------------------------------- 1 | ###### Example 1: Windows Event Generation ###### 2 | 3 | --- Sample ($SPLUNK_HOME/etc/apps/windows/samples/server2k3.540.windows) --- 4 | 03/11/10 01:12:01 PM 5 | LogName=Security 6 | SourceName=Security 7 | EventCode=540 8 | EventType=8 9 | Type=@@AuditType Audit 10 | ComputerName=@@ComputerName 11 | User=@@User 12 | Sid=S-1-5-18 13 | SidType=1 14 | Category=2 15 | CategoryString=Logon/Logoff 16 | RecordNumber=@@RecordNumber 17 | Message=Successful Network Logon: 18 | ... 19 | 20 | 21 | --- File Replacement ($SPLUNK_HOME/etc/apps/windows/samples/users.list) --- 22 | johnny 23 | bobby 24 | tommy 25 | charlie 26 | 27 | 28 | --- eventgen.conf ($SPLUNK_HOME/etc/apps/windows/default/eventgen.conf) --- 29 | 30 | [server2k3.540.windows] 31 | interval = 300 32 | count = 10 33 | earliest = -5m 34 | latest = now 35 | 36 | ## replace timestamp 03/11/10 01:12:01 PM 37 | token.0.token = \d{2}\/\d{2}\/\d{2}\s+\d{2}:\d{2}:\d{2}\s+[AaPp][Mm] 38 | token.0.replacementType = timestamp 39 | token.0.replacement = %m/%d/%y %I:%M:%S %p 40 | 41 | ## replace @@AuditType 42 | token.1.token = @@AuditType 43 | token.1.replacementType = static 44 | token.1.replacement = Success 45 | 46 | ## replace @@ComputerName 47 | token.2.token = @@ComputerName 48 | token.2.replacementType = random 49 | token.2.replacement = ipv4 50 | 51 | ## replace @@User 52 | token.3.token = @@User 53 | token.3.replacementType = file 54 | token.3.replacement = users.list 55 | 56 | ## replace @@RecordNumber 57 | token.4.token = @@ RecordNumber 58 | token.4.replacementType = random 59 | token.4.replacement = integer[0:99999] -------------------------------------------------------------------------------- /splunk_eventgen/README/eventgen.conf.tutorial0: 
-------------------------------------------------------------------------------- 1 | [sample.tutorial0] 2 | mode = replay 3 | timeMultiple = 2 4 | 5 | outputMode = httpevent 6 | httpeventServers = {"servers": [{"protocol": "https", "port": "8088", "key": "00000000-0000-0000-0000-000000000000", "address": "localhost"}]} 7 | end = 1 8 | index = main 9 | sourcetype = httpevent 10 | 11 | 12 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 13 | token.0.replacementType = replaytimestamp 14 | token.0.replacement = %Y-%m-%d %H:%M:%S 15 | 16 | token.1.token = @@integer 17 | token.1.replacementType = random 18 | token.1.replacement = integer[0:10] 19 | -------------------------------------------------------------------------------- /splunk_eventgen/README/eventgen.conf.tutorial1: -------------------------------------------------------------------------------- 1 | [sample.tutorial1] 2 | mode = replay 3 | sampletype = csv 4 | timeMultiple = 2 5 | outputMode = stdout 6 | 7 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3,6} 8 | token.0.replacementType = replaytimestamp 9 | token.0.replacement = %Y-%m-%d %H:%M:%S,%f 10 | 11 | token.1.token = \d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}.\d{3,6} 12 | token.1.replacementType = replaytimestamp 13 | token.1.replacement = %m-%d-%Y %H:%M:%S.%f 14 | 15 | token.2.token = \d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}.\d{3,6} 16 | token.2.replacementType = replaytimestamp 17 | token.2.replacement = %d/%b/%Y:%H:%M:%S.%f 18 | 19 | token.3.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 20 | token.3.replacementType = replaytimestamp 21 | token.3.replacement = %Y-%m-%d %H:%M:%S 22 | 23 | token.4.token = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2} 24 | token.4.replacementType = replaytimestamp 25 | token.4.replacement = %Y-%m-%dT%H:%M:%S 26 | -------------------------------------------------------------------------------- /splunk_eventgen/README/eventgen.conf.tutorial2: -------------------------------------------------------------------------------- 1 | 
[sample.tutorial2] 2 | interval = 15 3 | earliest = -15s 4 | latest = now 5 | count = 20 6 | hourOfDayRate = { "0": 0.8, "1": 1.0, "2": 0.9, "3": 0.7, "4": 0.5, "5": 0.4, "6": 0.4, "7": 0.4, "8": 0.4, "9": 0.4, "10": 0.4, "11": 0.4, "12": 0.4, "13": 0.4, "14": 0.4, "15": 0.4, "16": 0.4, "17": 0.4, "18": 0.4, "19": 0.4, "20": 0.4, "21": 0.4, "22": 0.5, "23": 0.6 } 7 | dayOfWeekRate = { "0": 0.7, "1": 0.7, "2": 0.7, "3": 0.5, "4": 0.5, "5": 1.0, "6": 1.0 } 8 | randomizeCount = 0.2 9 | randomizeEvents = true 10 | 11 | outputMode = file 12 | fileName = /tmp/ciscosample.log 13 | 14 | ## Replace timestamp Feb 4 07:52:53 15 | token.0.token = \w{3}\s+\d{1,2}\s+\d{2}:\d{2}:\d{2} 16 | token.0.replacementType = timestamp 17 | token.0.replacement = %b %d %H:%M:%S 18 | -------------------------------------------------------------------------------- /splunk_eventgen/README/eventgen.conf.tutorial3: -------------------------------------------------------------------------------- 1 | # Note, these samples assume you're installed as an app or a symbolic link in 2 | # $SPLUNK_HOME/etc/apps/eventgen. If not, please change the paths below. 
3 | 4 | [sample.tutorial3] 5 | interval = 1 6 | earliest = -1s 7 | latest = now 8 | count = 10000 9 | hourOfDayRate = { "0": 0.30, "1": 0.10, "2": 0.05, "3": 0.10, "4": 0.15, "5": 0.25, "6": 0.35, "7": 0.50, "8": 0.60, "9": 0.65, "10": 0.70, "11": 0.75, "12": 0.77, "13": 0.80, "14": 0.82, "15": 0.85, "16": 0.87, "17": 0.90, "18": 0.95, "19": 1.0, "20": 0.85, "21": 0.70, "22": 0.60, "23": 0.45 } 10 | dayOfWeekRate = { "0": 0.55, "1": 0.97, "2": 0.95, "3": 0.90, "4": 0.97, "5": 1.0, "6": 0.99 } 11 | randomizeCount = 0.2 12 | outputMode = stdout 13 | 14 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3} 15 | token.0.replacementType = timestamp 16 | token.0.replacement = %Y-%m-%d %H:%M:%S 17 | 18 | token.1.token = transType=(\w+) 19 | token.1.replacementType = file 20 | token.1.replacement = $SPLUNK_HOME/etc/apps/SA-Eventgen/samples/orderType.sample 21 | 22 | token.2.token = transID=(\d+) 23 | token.2.replacementType = integerid 24 | token.2.replacement = 10000 25 | 26 | token.3.token = transGUID=([0-9a-fA-F]+) 27 | token.3.replacementType = random 28 | token.3.replacement = guid 29 | 30 | token.4.token = userName=(\w+) 31 | token.4.replacementType = file 32 | token.4.replacement = $SPLUNK_HOME/etc/apps/SA-Eventgen/samples/userName.sample 33 | 34 | token.5.token = city="(\w+)" 35 | token.5.replacementType = mvfile 36 | token.5.replacement = $SPLUNK_HOME/etc/apps/SA-Eventgen/samples/markets.sample:2 37 | 38 | token.6.token = state=(\w+) 39 | token.6.replacementType = mvfile 40 | token.6.replacement = $SPLUNK_HOME/etc/apps/SA-Eventgen/samples/markets.sample:3 41 | 42 | token.7.token = zip=(\d+) 43 | token.7.replacementType = mvfile 44 | token.7.replacement = $SPLUNK_HOME/etc/apps/SA-Eventgen/samples/markets.sample:1 45 | 46 | token.8.token = value=(\d+) 47 | token.8.replacementType = random 48 | token.8.replacement = float[0.000:10.000] 49 | -------------------------------------------------------------------------------- 
/splunk_eventgen/README/eventgen.conf.tutorial4: -------------------------------------------------------------------------------- 1 | # Note, these samples assume you're installed as an app or a symbolic link in 2 | # $SPLUNK_HOME/etc/apps/eventgen. If not, please change the paths below. 3 | 4 | [sample.tutorial4] 5 | sampletype = csv 6 | interval = 3 7 | earliest = -3s 8 | latest = now 9 | count = 10 10 | bundlelines = true 11 | hourOfDayRate = { "0": 0.30, "1": 0.10, "2": 0.05, "3": 0.10, "4": 0.15, "5": 0.25, "6": 0.35, "7": 0.50, "8": 0.60, "9": 0.65, "10": 0.70, "11": 0.75, "12": 0.77, "13": 0.80, "14": 0.82, "15": 0.85, "16": 0.87, "17": 0.90, "18": 0.95, "19": 1.0, "20": 0.85, "21": 0.70, "22": 0.60, "23": 0.45 } 12 | dayOfWeekRate = { "0": 0.97, "1": 0.95, "2": 0.90, "3": 0.97, "4": 1.0, "5": 0.99, "6": 0.55 } 13 | randomizeCount = 0.2 14 | 15 | outputMode = splunkstream 16 | 17 | # Host/User/pass only necessary if running outside of splunk! 18 | splunkHost = localhost 19 | splunkUser = admin 20 | splunkPass = changeme 21 | 22 | token.0.token = ((\w+\s+\d+\s+\d{2}:\d{2}:\d{2}:\d{3})|(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:\d{3})) 23 | token.0.replacementType = replaytimestamp 24 | token.0.replacement = ["%b %d %H:%M:%S:%f", "%Y-%m-%d %H:%M:%S:%f"] 25 | 26 | token.1.token = (5\.5\.5\.5) 27 | token.1.replacementType = file 28 | token.1.replacement = $SPLUNK_HOME/etc/apps/SA-Eventgen/samples/external_ips.sample 29 | 30 | token.2.token = (10\.2\.1\.35) 31 | token.2.replacementType = file 32 | token.2.replacement = $SPLUNK_HOME/etc/apps/SA-Eventgen/samples/webhosts.sample 33 | 34 | token.3.token = (POST /playhistory/uploadhistory) 35 | token.3.replacementType = file 36 | token.3.replacement = $SPLUNK_HOME/etc/apps/SA-Eventgen/samples/uris.sample 37 | 38 | token.4.token = "(Mozilla/5\.0[^"]+)" 39 | token.4.replacementType = file 40 | token.4.replacement = $SPLUNK_HOME/etc/apps/SA-Eventgen/samples/useragents_mobile.sample 41 | 42 | token.5.token = \s{1}(468)\s{1} 43 
| token.5.replacementType = random 44 | token.5.replacement = integer[100:1000] 45 | 46 | token.6.token = \s{1}(1488)\s{1} 47 | token.6.replacementType = random 48 | token.6.replacement = integer[200:4000] 49 | -------------------------------------------------------------------------------- /splunk_eventgen/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/splunk_eventgen/__init__.py -------------------------------------------------------------------------------- /splunk_eventgen/eventgen_api_server/eventgen_core_object.py: -------------------------------------------------------------------------------- 1 | import argparse 2 | import logging 3 | import os 4 | 5 | import splunk_eventgen.eventgen_core as eventgen_core 6 | 7 | FILE_PATH = os.path.dirname(os.path.realpath(__file__)) 8 | CUSTOM_CONFIG_PATH = os.path.realpath( 9 | os.path.join(FILE_PATH, "..", "default", "eventgen_wsgi.conf") 10 | ) 11 | 12 | 13 | class EventgenCoreObject: 14 | def __init__(self, **kargs): 15 | self.logger = logging.getLogger("eventgen_server") 16 | self.eventgen_core_object = eventgen_core.EventGenerator( 17 | self._create_args(**kargs) 18 | ) 19 | self.configured = False 20 | self.configfile = None 21 | self.check_and_configure_eventgen() 22 | 23 | def check_and_configure_eventgen(self): 24 | if os.path.isfile(CUSTOM_CONFIG_PATH): 25 | self.configured = True 26 | self.configfile = CUSTOM_CONFIG_PATH 27 | self.eventgen_core_object.reload_conf(CUSTOM_CONFIG_PATH) 28 | self.logger.info("Configured Eventgen from {}".format(CUSTOM_CONFIG_PATH)) 29 | 30 | def refresh_eventgen_core_object(self): 31 | self.eventgen_core_object.stop(force_stop=True) 32 | self.configured = False 33 | self.configfile = None 34 | self.check_and_configure_eventgen() 35 | self.logger.info("Refreshed the eventgen core object") 36 | 37 | def _create_args(self, **kargs): 38 | args = 
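class EventgenServer:
    """Flask-based API server that wraps one Eventgen core object.

    In "standalone" mode the server only exposes the API blueprint. In any
    other mode it also registers itself with Redis through RedisConnector.
    """

    def __init__(self, *args, **kwargs):
        """Build the core object, optional Redis registration and the Flask app.

        Keyword arguments read here:
            env_vars: mapping queried with ``.get`` for "multithread",
                "REDIS_HOST", "REDIS_PORT" and (in ``app_run``)
                "WEB_SERVER_PORT".
            mode: server mode; defaults to "standalone".
        """
        self.env_vars = kwargs.get("env_vars")
        # EventgenCoreObject._create_args reads kargs.get("multithread"); the
        # previous spelling ("mutithread") was silently ignored, so the
        # multithread setting never reached the core object.
        self.eventgen = eventgen_core_object.EventgenCoreObject(
            multithread=self.env_vars.get("multithread", False)
        )
        self.mode = kwargs.get("mode", "standalone")
        self.host = socket.gethostname()
        self.role = "server"

        self.logger = logging.getLogger("eventgen_server")
        self.logger.info("Initialized Eventgen Server: hostname [{}]".format(self.host))

        if self.mode != "standalone":
            # Imported lazily so standalone mode does not need the redis
            # connector module.
            from splunk_eventgen.eventgen_api_server.redis_connector import (
                RedisConnector,
            )

            self.redis_connector = RedisConnector(
                host=self.env_vars.get("REDIS_HOST"),
                port=self.env_vars.get("REDIS_PORT"),
            )
            self.redis_connector.register_myself(hostname=self.host, role=self.role)
        self.app = self._create_app()

    def app_run(self):
        """Start Flask's built-in server on the port from WEB_SERVER_PORT."""
        # NOTE(review): "0.0.0.0" listens on every interface. No authentication
        # is visible in this class, so whether the API blueprint enforces any
        # should be confirmed; otherwise restrict reachability at the network
        # layer or bind to a specific address.
        self.app.run(
            host="0.0.0.0",
            port=int(self.env_vars.get("WEB_SERVER_PORT")),
            threaded=True,
        )

    def _create_app(self):
        """Create the Flask app and register the server API blueprint.

        Returns:
            The configured Flask application, including a "/" route that
            returns the string "running_eventgen_server".
        """
        app = Flask(__name__)
        # NOTE(review): a constant SECRET_KEY committed to a public repository
        # gives no secrecy. Flask uses this key to sign session cookies; if
        # any route relies on sessions or signed data, load the key from the
        # environment or generate it at start-up instead.
        app.config["SECRET_KEY"] = "does-not-exist"
        if self.mode == "standalone":
            app.register_blueprint(
                EventgenServerAPI(
                    eventgen=self.eventgen, redis_connector=None, host=self.host
                ).get_blueprint()
            )
        else:
            app.register_blueprint(
                EventgenServerAPI(
                    eventgen=self.eventgen,
                    redis_connector=self.redis_connector,
                    host=self.host,
                    mode=self.mode,
                ).get_blueprint()
            )

        @app.route("/")
        def index():
            return "running_eventgen_server"

        return app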
class PluginNotLoaded(Exception):
    """Raised when a sample asks for a plugin that is not in the plugin list.

    Per the original author's note, handling this exception is meant to
    trigger a plugin reload over an expanded search path; that handler is not
    part of this module.
    """

    def __init__(
        self,
        bindir,
        libdir,
        plugindir,
        name,
        type,
        msg="Plugin {} Not Loaded, attempting to load.",
    ):
        """Record the search locations and the identity of the missing plugin.

        :param bindir: a bindir to check for plugins
        :param libdir: the libdir to check in for plugins
        :param plugindir: the lib/plugin/ dir of plugins
        :param name: the name of the plugin
        :param type: the type of plugin
        :param msg: message template; ``{}`` is replaced by ``name``
        """
        rendered = msg.format(name)
        super().__init__(rendered)
        self.name = name
        self.type = type
        self.bindir = bindir
        self.libdir = libdir
        self.plugindir = plugindir
        self.msg = rendered


class FailedLoadingPlugin(Exception):
    """Raised when a sample asks for a plugin that cannot be found or loaded."""

    def __init__(self, name, msg="Plugin {} Not Found or Failed to load."):
        """Store the plugin name and the formatted message.

        :param name: the name of the plugin
        :param msg: message template; ``{}`` is replaced by ``name``
        """
        rendered = msg.format(name)
        super().__init__(rendered)
        self.name = name
        self.msg = rendered
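class OutputCounter(object):
    """Shared counter that output plugins feed with event counts and sizes.

    It keeps running totals plus the counts for the current window, and turns
    the window counts into a throughput figure (bytes/s and events/s) once at
    least 60 seconds have passed since the last update.
    """

    def __init__(self):
        # Counts accumulated since the last throughput update.
        self.event_size_1_min = 0
        self.event_count_1_min = 0
        # Start of the current measurement window (epoch seconds).
        self.current_time = time.time()
        # Most recently computed throughput.
        self.throughput_count = 0
        self.throughput_volume = 0
        # Totals since this counter was created.
        self.total_output_volume = 0
        self.total_output_count = 0

    def update_throughput(self, timestamp):
        """Recompute throughput for the window ending at ``timestamp``.

        :param timestamp: end of the window, in epoch seconds

        A window of zero or negative length (same timestamp passed twice, or a
        wall clock that stepped backwards) cannot yield a rate and previously
        raised ZeroDivisionError or produced a negative throughput. Such a
        call is now ignored and the window keeps accumulating.
        """
        delta_time = timestamp - self.current_time
        if delta_time <= 0:
            return
        # B/s, count/s
        self.throughput_volume = self.event_size_1_min / delta_time
        self.throughput_count = self.event_count_1_min / delta_time
        self.current_time = timestamp
        self.event_count_1_min = 0
        self.event_size_1_min = 0
        logger.debug(
            "Current throughput is {} B/s, {} count/s".format(
                self.throughput_volume, self.throughput_count
            )
        )

    def collect(self, event_count, event_size):
        """Add one flushed batch to the totals and the current window.

        :param event_count: number of events in the batch
        :param event_size: size of the batch's raw events
        """
        timestamp = time.time()
        self.total_output_count += event_count
        self.total_output_volume += event_size
        self.event_count_1_min += event_count
        self.event_size_1_min += event_size
        if timestamp - self.current_time >= 60:
            # Refresh the throughput roughly once per minute.
            self.update_throughput(timestamp)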
output_counter=None): 10 | self._app = sample.app 11 | self._sample = sample 12 | self._outputMode = sample.outputMode 13 | self.events = None 14 | logger.debug( 15 | "Starting OutputPlugin for sample '%s' with output '%s'" 16 | % (self._sample.name, self._sample.outputMode) 17 | ) 18 | self._queue = deque([]) 19 | self.output_counter = output_counter 20 | 21 | def __str__(self): 22 | """Only used for debugging, outputs a pretty printed representation of this output""" 23 | # Eliminate recursive going back to parent 24 | # temp = dict([(key, value) for (key, value) in self.__dict__.items() if key != '_c']) 25 | # return pprint.pformat(temp) 26 | return "" 27 | 28 | def __repr__(self): 29 | return self.__str__() 30 | 31 | def set_events(self, events): 32 | self.events = events 33 | 34 | def updateConfig(self, config): 35 | self.config = config 36 | 37 | def run(self): 38 | if self.events: 39 | self.flush(self.events) 40 | if self.output_counter is not None: 41 | self.output_counter.collect( 42 | len(self.events), sum([len(e["_raw"]) for e in self.events]) 43 | ) 44 | metrics_logger.info( 45 | "Current Counts: {0}".format(self.output_counter.__dict__) 46 | ) 47 | self.events = None 48 | self._output_end() 49 | 50 | def _output_end(self): 51 | pass 52 | 53 | 54 | def load(): 55 | return OutputPlugin 56 | -------------------------------------------------------------------------------- /splunk_eventgen/lib/plugins/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/splunk_eventgen/lib/plugins/__init__.py -------------------------------------------------------------------------------- /splunk_eventgen/lib/plugins/generator/__init__.py: -------------------------------------------------------------------------------- 
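class WindbagGenerator(GeneratorPlugin):
    """Generator that emits evenly spaced, numbered "WINDBAG" events."""

    def __init__(self, sample):
        GeneratorPlugin.__init__(self, sample)

    def gen(self, count, earliest, latest, samplename=None):
        """Send ``count`` events spread evenly over (earliest, latest].

        :param count: number of events; a negative value falls back to 60
        :param earliest: datetime marking the start of the interval
        :param latest: datetime marking the end of the interval
        :param samplename: unused here
        :return: always 0
        """
        if count < 0:
            logger.warning(
                "Sample size not found for count=-1 and generator=windbag, defaulting to count=60"
            )
            count = 60
        if count == 0:
            # The interval division below raised ZeroDivisionError for
            # count == 0. NOTE(review): emitting nothing is the conservative
            # reading; confirm whether 0 should instead use the default of 60.
            return 0
        time_interval = (latest - earliest).total_seconds() / count
        for sequence in range(1, count + 1):
            current_time_object = earliest + datetime.timedelta(
                seconds=time_interval * sequence
            )
            # The "-0700" offset is a fixed literal, not derived from the
            # timestamps passed in.
            msg = "{0} -0700 WINDBAG Event {1} of {2}".format(
                current_time_object, sequence, count
            )
            self._out.send(msg)
        return 0


def load():
    return WindbagGenerator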
class CounterOutputPlugin(OutputPlugin):
    """Output plugin that tallies events per day instead of writing them.

    The histograms and flush counters are class attributes, so every instance
    in the process shares them.
    """

    name = "counter"
    MAXQUEUELENGTH = 1000
    useOutputQueue = True

    dataSizeHistogram = {}
    eventCountHistogram = {}
    flushCount = 0
    lastPrintAt = 0

    def __init__(self, sample, output_counter=None):
        OutputPlugin.__init__(self, sample, output_counter)

    def flush(self, q):
        """Add each event in ``q`` to the per-day size and count histograms."""
        cls = CounterOutputPlugin
        cls.flushCount += 1
        sizes = cls.dataSizeHistogram
        counts = cls.eventCountHistogram
        for event in q:
            # The day key is the event's "_time" rendered as local-time
            # YYYY-MM-DD.
            stamp = datetime.datetime.fromtimestamp(int(event["_time"]))
            raw = event["_raw"]
            day = stamp.strftime("%Y-%m-%d")
            sizes[day] = sizes.get(day, 0) + len(raw)
            counts[day] = counts.get(day, 0) + 1

    def _output_end(self):
        """Print both histograms to stderr if a flush happened since the last print."""
        cls = CounterOutputPlugin
        if cls.flushCount > cls.lastPrintAt:
            report = (
                "----- print the output histogram -----",
                "--- data size histogram ---",
                pprint.pformat(cls.dataSizeHistogram),
                "--- event count histogram ---",
                pprint.pformat(cls.eventCountHistogram),
            )
            for line in report:
                self._print_info(line)
            cls.lastPrintAt = cls.flushCount

    def _print_info(self, msg):
        """Write ``msg`` to stderr, prefixed with the current local time."""
        stamped = "{} {}".format(datetime.datetime.now(), msg)
        print(stamped, file=sys.stderr)


def load():
    """Return the plugin class."""
    return CounterOutputPlugin
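class ModInputOutputPlugin(OutputPlugin):
    """Output plugin that writes events to stdout as modular-input XML."""

    name = "modinput"
    MAXQUEUELENGTH = 10
    useOutputQueue = False

    def __init__(self, sample, output_counter=None):
        OutputPlugin.__init__(self, sample, output_counter)

    def flush(self, q):
        """Drain ``q`` and write one XML event element per queued event.

        :param q: list of event dicts; each needs "_time", "index", "source",
            "sourcetype", "host" and "_raw". Events missing a key are skipped.

        NOTE(review): the element markup in this listing was lost when the
        page was extracted. The element names below are the ones Splunk's
        modular-input streaming XML defines; confirm indentation and ordering
        against the upstream file.
        """
        rendered = []
        while len(q) > 0:
            m = q.pop(0)
            if not m:
                # A falsy entry ends the drain; later entries stay queued.
                break
            try:
                fields = (
                    ("time", m["_time"]),
                    ("index", m["index"]),
                    ("source", m["source"]),
                    ("sourcetype", m["sourcetype"]),
                    ("host", m["host"]),
                    ("data", m["_raw"]),
                )
            except KeyError:
                # Build each event completely before appending it, so an
                # event with a missing key no longer leaves a half-written
                # element in the output.
                continue
            # Escape every field, not only the raw text: values such as host
            # or source come from samples and configuration and would
            # otherwise be able to inject markup into the stream.
            body = "".join(
                "    <{0}>{1}</{0}>\n".format(tag, escape(str(value)))
                for tag, value in fields
            )
            rendered.append("  <event>\n" + body + "  </event>\n")

        sys.stdout.write("".join(rendered))
        sys.stdout.flush()


def load():
    """Return the plugin class."""
    return ModInputOutputPlugin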
class StdOutOutputPlugin(OutputPlugin):
    """Output plugin that prints each event's raw text to standard output."""

    useOutputQueue = False
    name = "stdout"
    MAXQUEUELENGTH = 10000

    def __init__(self, sample, output_counter=None):
        OutputPlugin.__init__(self, sample, output_counter)

    def flush(self, q):
        """Print the "_raw" value of every event in ``q``, one per line.

        Trailing whitespace is stripped; an event without "_raw" prints an
        empty line.
        """
        for event in q:
            raw_text = event.get("_raw", "")
            print(raw_text.rstrip())


def load():
    """Return the plugin class."""
    return StdOutOutputPlugin
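class TcpOutputPlugin(OutputPlugin):
    """Output plugin that sends each event as one line over a TCP connection.

    Events are sent as plain bytes with no transport encryption or
    authentication, so the destination should be a trusted collector on a
    trusted network.
    """

    useOutputQueue = False
    name = "tcpout"
    MAXQUEUELENGTH = 10

    def __init__(self, sample, output_counter=None):
        """Read the destination from the sample and create the first socket.

        ``sample.tcpDestinationHost`` and ``sample.tcpDestinationPort`` are
        used when present and truthy; otherwise "127.0.0.1" and "3333".
        """
        OutputPlugin.__init__(self, sample, output_counter)

        self._tcpDestinationHost = (
            getattr(sample, "tcpDestinationHost", None) or "127.0.0.1"
        )
        self._tcpDestinationPort = (
            getattr(sample, "tcpDestinationPort", None) or "3333"
        )

        import socket  # Import socket module

        self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)

    def flush(self, q):
        """Connect, send every event in ``q`` newline-terminated, then close.

        :param q: iterable of event dicts with a "_raw" string
        """
        import socket

        # The socket is closed at the end of every flush, and a closed socket
        # cannot be connected again: the second flush used to fail. Create a
        # fresh socket whenever the previous one has been closed.
        if self.s.fileno() == -1:
            self.s = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            self.s.connect((self._tcpDestinationHost, int(self._tcpDestinationPort)))
            logger.info(
                "Socket connected to {0}:{1}".format(
                    self._tcpDestinationHost, self._tcpDestinationPort
                )
            )
            for x in q:
                msg = x["_raw"].rstrip() + "\n"
                # sendall keeps writing until the whole message is out; send()
                # may transmit only part of it and silently truncate events.
                self.s.sendall(msg.encode())
        finally:
            # Release the descriptor even when connect or send raises.
            self.s.close()


def load():
    """Return the plugin class."""
    return TcpOutputPlugin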
OutputPlugin.__init__(self, sample, output_counter) 12 | 13 | self._udpDestinationHost = ( 14 | sample.udpDestinationHost 15 | if hasattr(sample, "udpDestinationHost") and sample.udpDestinationHost 16 | else "127.0.0.1" 17 | ) 18 | self._udpDestinationPort = ( 19 | sample.udpDestinationPort 20 | if hasattr(sample, "udpDestinationPort") and sample.udpDestinationPort 21 | else "3333" 22 | ) 23 | 24 | import socket # Import socket module 25 | 26 | self.s = socket.socket(socket.AF_INET, socket.SOCK_DGRAM) 27 | 28 | def flush(self, q): 29 | for x in q: 30 | msg = x["_raw"].rstrip() + "\n" 31 | self.s.sendto( 32 | str.encode(msg), 33 | (self._udpDestinationHost, int(self._udpDestinationPort)), 34 | ) 35 | logger.info("Flushing in udpout.") 36 | 37 | 38 | def load(): 39 | """Returns an instance of the plugin""" 40 | return UdpOutputPlugin 41 | -------------------------------------------------------------------------------- /splunk_eventgen/lib/plugins/rater/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/splunk_eventgen/lib/plugins/rater/__init__.py -------------------------------------------------------------------------------- /splunk_eventgen/lib/plugins/rater/config.py: -------------------------------------------------------------------------------- 1 | from splunk_eventgen.lib.logging_config import logger 2 | from splunk_eventgen.lib.raterplugin import RaterPlugin 3 | 4 | 5 | class ConfigRater(RaterPlugin): 6 | name = "ConfigRater" 7 | stopping = False 8 | 9 | def __init__(self, sample): 10 | super(ConfigRater, self).__init__(sample) 11 | 12 | def single_queue_it(self, count): 13 | super(ConfigRater, self).single_queue_it(count) 14 | 15 | def multi_queue_it(self, count): 16 | logger.info("Entering multi-processing division of sample") 17 | numberOfWorkers = self.config.generatorWorkers 18 | logger.debug("Number of Workers: 
{0}".format(numberOfWorkers)) 19 | # this is a redundant check, but will prevent some missed call to multi_queue without a valid setting 20 | if bool(self.sample.splitSample): 21 | # if split = 1, then they want to divide by number of generator workers, else use the splitSample 22 | if self.sample.splitSample == 1: 23 | logger.debug("SplitSample = 1, using all availible workers") 24 | targetWorkersToUse = numberOfWorkers 25 | else: 26 | logger.debug( 27 | "SplitSample != 1, using {0} workers.".format( 28 | self.sample.splitSample 29 | ) 30 | ) 31 | targetWorkersToUse = self.sample.splitSample 32 | else: 33 | logger.debug( 34 | "SplitSample set to disable multithreading for just this sample." 35 | ) 36 | self.single_queue_it() 37 | currentWorkerPrepCount = 0 38 | remainingCount = count 39 | targetLoopCount = int(count) / targetWorkersToUse 40 | while currentWorkerPrepCount < targetWorkersToUse: 41 | currentWorkerPrepCount = currentWorkerPrepCount + 1 42 | # check if this is the last loop, if so, add in the remainder count 43 | if currentWorkerPrepCount < targetWorkersToUse: 44 | remainingCount = count - targetLoopCount 45 | else: 46 | targetLoopCount = remainingCount 47 | self.single_queue_it(targetLoopCount) 48 | 49 | 50 | def load(): 51 | return ConfigRater 52 | -------------------------------------------------------------------------------- /splunk_eventgen/lib/requirements.txt: -------------------------------------------------------------------------------- 1 | ujson==2.0.3 2 | jinja2==2.10.3 3 | requests-futures==1.0.0 4 | urllib3==1.24.2 5 | six==1.15.0 6 | -------------------------------------------------------------------------------- /splunk_eventgen/logs/__init__: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/splunk_eventgen/logs/__init__ -------------------------------------------------------------------------------- 
/splunk_eventgen/samples/anomalous.hostname.sample: -------------------------------------------------------------------------------- 1 | HOST-001 -------------------------------------------------------------------------------- /splunk_eventgen/samples/anomalous.ip_address.sample: -------------------------------------------------------------------------------- 1 | 10.11.36.20 -------------------------------------------------------------------------------- /splunk_eventgen/samples/anomalous.mac_address.sample: -------------------------------------------------------------------------------- 1 | 19:61:3c:3e:20:84 -------------------------------------------------------------------------------- /splunk_eventgen/samples/artIDs.sample: -------------------------------------------------------------------------------- 1 | 0019 2 | 0018 3 | 0014 4 | 006 5 | 0026 6 | 0017 7 | 0016 8 | 0015 9 | 0027 10 | 007 11 | 0021 12 | 0011 13 | 0012 14 | 0013 15 | 0020 16 | 005 17 | 0044 18 | 001 19 | 0032 20 | 008 21 | 0022 -------------------------------------------------------------------------------- /splunk_eventgen/samples/artists.sample: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/splunk_eventgen/samples/artists.sample -------------------------------------------------------------------------------- /splunk_eventgen/samples/hostname.sample: -------------------------------------------------------------------------------- 1 | ACME-001 2 | ACME-002 3 | ACME-003 4 | ACME-004 5 | ACME-005 6 | ACME-006 7 | HOST-001 8 | HOST-002 9 | HOST-003 10 | HOST-004 11 | HOST-005 12 | HOST-006 13 | ops-sys-001 14 | ops-sys-002 15 | ops-sys-003 16 | ops-sys-004 17 | ops-sys-005 18 | ops-sys-006 19 | PROD-POS-001 20 | PROD-POS-002 21 | PROD-POS-003 22 | PROD-POS-004 23 | PROD-POS-005 24 | PROD-POS-006 25 | PROD-MFS-001 26 | PROD-MFS-002 27 | PROD-MFS-003 28 | PROD-MFS-004 29 | 
PROD-MFS-005 30 | PROD-MFS-006 31 | COREDEV-001 32 | COREDEV-002 33 | COREDEV-003 34 | COREDEV-004 35 | COREDEV-005 36 | COREDEV-006 37 | SE-001 38 | SE-002 39 | SE-003 40 | SE-004 41 | SE-005 42 | SE-006 43 | BUSDEV-001 44 | BUSDEV-002 45 | BUSDEV-003 46 | BUSDEV-004 47 | BUSDEV-005 48 | BUSDEV-006 49 | BUSDEV-007 50 | BUSDEV-008 -------------------------------------------------------------------------------- /splunk_eventgen/samples/ip_address.sample: -------------------------------------------------------------------------------- 1 | 10.11.36.1 2 | 10.11.36.2 3 | 10.11.36.3 4 | 10.11.36.4 5 | 10.11.36.5 6 | 10.11.36.6 7 | 10.11.36.7 8 | 10.11.36.8 9 | 10.11.36.9 10 | 10.11.36.10 11 | 10.11.36.11 12 | 10.11.36.12 13 | 10.11.36.13 14 | 10.11.36.14 15 | 10.11.36.15 16 | 10.11.36.16 17 | 10.11.36.17 18 | 10.11.36.18 19 | 10.11.36.19 20 | 10.11.36.20 21 | 10.11.36.21 22 | 10.11.36.22 23 | 10.11.36.23 24 | 10.11.36.24 25 | 10.11.36.25 26 | 10.11.36.26 27 | 10.11.36.27 28 | 10.11.36.28 29 | 10.11.36.29 30 | 10.11.36.30 31 | 10.11.36.31 32 | 10.11.36.32 33 | 10.11.36.33 34 | 10.11.36.34 35 | 10.11.36.35 36 | 10.11.36.36 37 | 10.11.36.37 38 | 10.11.36.38 39 | 10.11.36.39 40 | 10.11.36.40 41 | 10.11.36.41 42 | 10.11.36.42 43 | 10.11.36.43 44 | 10.11.36.44 45 | 10.11.36.45 46 | 10.11.36.46 47 | 10.11.36.47 48 | 10.11.36.48 49 | 10.11.36.49 50 | 10.11.36.50 -------------------------------------------------------------------------------- /splunk_eventgen/samples/linux_arch.sample: -------------------------------------------------------------------------------- 1 | i386 2 | i686 3 | x86_64 4 | ia64 5 | alpha 6 | amd64 7 | arm 8 | armeb 9 | armel 10 | hppa 11 | m32r 12 | m68k 13 | mips 14 | mipsel 15 | powerpc 16 | ppc64 17 | s390 18 | s390x 19 | sh3 20 | sh3eb 21 | sh4 22 | sh4eb 23 | sparc 24 | sparcv8 25 | sparcv9 -------------------------------------------------------------------------------- /splunk_eventgen/samples/mac_address.sample: 
-------------------------------------------------------------------------------- 1 | 19:61:3c:3e:20:84 2 | c7:df:23:1a:e8:ba 3 | ba:b7:72:7a:16:30 4 | 52:70:fa:52:7c:e4 5 | 6a:83:f8:c6:5a:fc 6 | e2:64:ae:81:26:f7 7 | ab:1a:41:74:87:2c 8 | 2f:29:25:a5:78:de 9 | fb:69:33:d1:44:a4 10 | ac:d7:f5:9c:16:50 11 | 67:c4:0e:fe:1a:34 12 | 1a:ae:35:d8:b8:52 13 | af:fd:16:4f:9e:d8 14 | 4a:43:e4:f5:3a:ae 15 | 0b:4a:fe:06:36:92 16 | 73:09:b0:ec:6a:35 17 | d9:9d:e8:dc:91:d3 18 | 76:a1:f8:7a:5b:6c 19 | ec:ab:17:6c:17:c6 20 | 92:90:55:51:61:31 21 | 03:53:39:5b:ed:ab 22 | da:b9:81:e1:17:01 23 | 8b:66:79:4a:bf:c5 24 | f0:6c:88:2a:34:52 25 | 74:c2:0a:56:49:99 26 | 60:6e:74:df:78:fb 27 | c0:eb:cf:50:74:6d 28 | ad:7b:3d:db:49:8b 29 | d8:9b:1f:b9:e6:01 30 | de:09:a2:ae:7a:93 31 | 01:30:f9:d0:79:13 32 | 20:c5:8e:0b:9d:a3 33 | ca:b6:07:cb:eb:a4 34 | ab:53:c2:c6:97:6b 35 | 84:df:af:01:a9:a5 36 | 23:15:be:bc:d1:7f 37 | d3:da:83:05:5e:2a 38 | 04:83:e5:65:6b:2c 39 | 5b:68:1e:b8:1d:25 40 | 72:3d:78:de:38:ec 41 | 44:23:aa:bc:b0:b0 42 | 3e:27:1c:ce:52:1f 43 | 88:7d:9a:11:64:de 44 | 81:4e:78:df:ad:d7 45 | 59:7b:7f:54:da:c9 46 | 8c:37:db:f0:2b:25 47 | d2:54:56:e0:f2:d9 48 | 7e:70:7a:94:ca:76 49 | 4b:a0:b6:18:fb:d0 50 | d0:ef:08:18:0d:8d -------------------------------------------------------------------------------- /splunk_eventgen/samples/malicious_domains.sample: -------------------------------------------------------------------------------- 1 | www.theflyingpoodles.com 2 | www.partychimp.com 3 | www.truepants.ru 4 | www.makerealcashnow.com 5 | www.freepetcaretips.com -------------------------------------------------------------------------------- /splunk_eventgen/samples/networkProvider.sample: -------------------------------------------------------------------------------- 1 | Splunktel 2 | Splunktel 3 | Splunktel 4 | Splunktel 5 | Splunktel 6 | Splunktel 7 | Splunktel 8 | Splunktel 9 | Splunktel 10 | Splunktel 11 | Splunktel 12 | Splunktel 13 | Splunktel 14 | Splunktel 15 | Splunktel 16 | 
Splunktel 17 | Splunktel 18 | Splunktel 19 | Sprint 20 | Sprint 21 | Sprint 22 | Sprint 23 | Sprint 24 | Sprint 25 | Sprint 26 | Sprint 27 | Sprint 28 | Clearwire 29 | Clearwire 30 | Clearwire 31 | Clearwire 32 | Clearwire 33 | Clearwire 34 | Clearwire 35 | Clearwire 36 | Clearwire 37 | Clearwire 38 | Clearwire 39 | Clearwire -------------------------------------------------------------------------------- /splunk_eventgen/samples/oracle11.action.sample: -------------------------------------------------------------------------------- 1 | 100 2 | 101 3 | 102 4 | 100 5 | 101 6 | 102 7 | 100 8 | 101 9 | 102 10 | 43 11 | 51 12 | 52 13 | 53 14 | 54 15 | 55 16 | 79 17 | 108 18 | 109 19 | 114 20 | 115 -------------------------------------------------------------------------------- /splunk_eventgen/samples/oracleUserNames.sample: -------------------------------------------------------------------------------- 1 | scott 2 | dba_user_1 3 | dba_user_2 4 | dba_user_3 5 | oracle_1 6 | oracle_2 7 | oracle_3 8 | oracle_4 9 | oracle_5 10 | oracle_6 11 | oracle_7 12 | oracle_8 13 | oracle_9 14 | oracle_10 15 | oracle_11 16 | oracle_12 17 | oracle_13 18 | oracle_14 19 | oracle_15 20 | oracle_16 21 | oracle_17 22 | oracle_18 23 | oracle_19 24 | oracle_20 -------------------------------------------------------------------------------- /splunk_eventgen/samples/orderType.sample: -------------------------------------------------------------------------------- 1 | New 2 | New 3 | Change 4 | Change 5 | Change 6 | Delete -------------------------------------------------------------------------------- /splunk_eventgen/samples/orig.sample.mobilemusic.csv: -------------------------------------------------------------------------------- 1 | index,host,source,sourcetype,_raw main,localhost,/var/log/radius.log,radius,May 27 18:28:11:000 aaa2 radiusd[12676]:[ID 959576 local1.info] INFO RADOP(13) acct start for 5559031692@splunktel.com 10.94.63.34 from 130.253.37.97 recorded OK. 
main,localhost,/var/log/httpd/access_log,access_custom,"2012-05-27 18:28:11:112 10.2.1.35 POST /playhistory/uploadhistory - 80 - 10.94.63.34 ""Mozilla/5.0 (Linux; U; Android 2.3.4; en-us; Sprint APX515CKT Build/GRJ22) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"" 200 0 0 468 1488" main,localhost,/var/log/radius.log,radius,May 27 18:28:11:199 aaa2 radiusd[12676]:[ID 959576 local1.info] INFO sample.mobilemusic.csv.origRADOP(13) acct stop for 5559031692@splunktel.com 10.94.63.34 from 130.253.37.97 recorded OK. -------------------------------------------------------------------------------- /splunk_eventgen/samples/phones.sample: -------------------------------------------------------------------------------- 1 | IP4S-16,iPhone,iPhone 4S 16 Gig 2 | IP4S-16,iPhone,iPhone 4S 16 Gig 3 | IP4S-16,iPhone,iPhone 4S 16 Gig 4 | IP4S-16,iPhone,iPhone 4S 16 Gig 5 | IP4S-16,iPhone,iPhone 4S 16 Gig 6 | IP4S-16,iPhone,iPhone 4S 16 Gig 7 | IP4S-16,iPhone,iPhone 4S 16 Gig 8 | IP4S-16,iPhone,iPhone 4S 16 Gig 9 | IP4S-16,iPhone,iPhone 4S 16 Gig 10 | IP4S-16,iPhone,iPhone 4S 16 Gig 11 | IP4S-32,iPhone,iPhone 4S 32 Gig 12 | IP4S-32,iPhone,iPhone 4S 32 Gig 13 | IP4S-32,iPhone,iPhone 4S 32 Gig 14 | IP4S-32,iPhone,iPhone 4S 32 Gig 15 | IP4S-32,iPhone,iPhone 4S 32 Gig 16 | IP4S-32,iPhone,iPhone 4S 32 Gig 17 | IP4S-32,iPhone,iPhone 4S 32 Gig 18 | IP4S-64,iPhone,iPhone 4S 64 Gig 19 | IP4S-64,iPhone,iPhone 4S 64 Gig 20 | IP4S-64,iPhone,iPhone 4S 64 Gig 21 | IP4S-64,iPhone,iPhone 4S 64 Gig 22 | IP4S-64,iPhone,iPhone 4S 64 Gig 23 | IP4S-64,iPhone,iPhone 4S 64 Gig 24 | IP4-8,iPhone,iPhone 4 8 Gig 25 | IP4-8,iPhone,iPhone 4 8 Gig 26 | IP3GS-8,iPhone,iPhone 3GS 27 | IP3GS-8,iPhone,iPhone 3GS 28 | IP3GS-8,iPhone,iPhone 3GS 29 | IP3GS-8,iPhone,iPhone 3GS 30 | SGS2,Android,Samsung GALAXY S2 31 | SGS2,Android,Samsung GALAXY S2 32 | SGS2,Android,Samsung GALAXY S2 33 | SGS4G,Android,Samsung GALAXY S 4G 34 | SGS4G,Android,Samsung GALAXY S 4G 35 | SGS4G,Android,Samsung GALAXY S 4G 
36 | SGS4G,Android,Samsung GALAXY S 4G 37 | SGS4G,Android,Samsung GALAXY S 4G 38 | SS,Android,Samsung Stratosphere 39 | MDB,Android,Motorola Droid Bionic 40 | MDB,Android,Motorola Droid Bionic 41 | MDR,Android,Motorola Droid Razr 42 | MDR,Android,Motorola Droid Razr 43 | HE4G,Android,HTC Evo 4G 44 | HE4G,Android,HTC Evo 4G 45 | HDI,Android,HTC Droid Incredible 46 | LGR,Android,LG Revolution 47 | NL700,Windows Phone,Nokia Lumia 700 48 | NL1600,Windows Phone,Nokia Lumia 1600 49 | SFF,Windows Phone,Samsung Focus Flash 50 | BBC,Blackberry,Blackberry Curve 9360 51 | BBT,Blackberry,Blackberry Torch 91660 52 | PL2,Feature,Pantech Link 2 53 | PL2,Feature,Pantech Link 2 54 | PL2,Feature,Pantech Link 2 55 | PL2,Feature,Pantech Link 2 56 | PL2,Feature,Pantech Link 2 57 | PL2,Feature,Pantech Link 2 58 | SS2,Feature,Samsung Solstice 2 59 | SS2,Feature,Samsung Solstice 2 60 | SS2,Feature,Samsung Solstice 2 61 | SS2,Feature,Samsung Solstice 2 62 | PB3,Feature,Pantech Breeze III 63 | PB3,Feature,Pantech Breeze III 64 | PB3,Feature,Pantech Breeze III 65 | PB3,Feature,Pantech Breeze III 66 | PB3,Feature,Pantech Breeze III 67 | PB3,Feature,Pantech Breeze III 68 | MTUN,Feature,Motorola Tundra 69 | MTUN,Feature,Motorola Tundra -------------------------------------------------------------------------------- /splunk_eventgen/samples/radPIDs.sample: -------------------------------------------------------------------------------- 1 | 2363 2 | 12676 3 | 12548 -------------------------------------------------------------------------------- /splunk_eventgen/samples/radhosts.sample: -------------------------------------------------------------------------------- 1 | aaa1 2 | aaa2 3 | aaa3 -------------------------------------------------------------------------------- /splunk_eventgen/samples/random_domains.sample: -------------------------------------------------------------------------------- 1 | ryanzdimyxojlks.ac 2 | xyosowlnwqaihkq.by 3 | dxqjhxwvqnnaeja.com 4 | tkhwesmptszdody.dm 5 | 
nrsosrvzugflgrr.edu 6 | cpzwbasblwxuslm.fo 7 | ymtwccawahahbln.gov 8 | traqoovhxmnlzsw.hn 9 | rlmzjhmoavhvecn.info 10 | gtryuifjydlebbw.jobs 11 | kisebvtvvbwpqvs.kp 12 | uxdtcpgatmrkusb.ly 13 | dtutxaqyplrqawt.mil 14 | awgnwunsglcdniy.net 15 | tfrrmvpxtgsqkgx.org 16 | emyadlwbzdcvkji.post 17 | becfmwohxowgrin.ro 18 | zqtpdchgtqfaxeg.sm 19 | qsjchqcocvyrfvf.travel 20 | eetnpmejmgcjuts.ug 21 | rpuqtuhgwosvgrw.vc 22 | bbijrgibymvwkqh.wf 23 | jpmnwejftfqnmdj.xn--11b5bs3a9aj6g 24 | ctimibiiriizsfe.xn--9t4b11yi5a 25 | jhievxgnocibcid.xn--pgbs0dh 26 | wzpsynmmqaaytvk.xn--yfro4i67o 27 | sbmbsavwlynzcdt.ye 28 | umivkuhkfmnuqie.za 29 | grrwtjyyrtrupmf.ac 30 | vpsircrczggyxti.by 31 | qdpqjkvtbrsvsfu.com 32 | ttbxwberplbcpjt.dm 33 | mpesgkjkvrvxttk.edu 34 | yfgjawitvcjtlwx.fo 35 | tlcficjhlotnbnw.gov 36 | qlcasnxbwukyogy.hn 37 | ovuroahuiqgstho.info 38 | zkotiwaewxfbsra.jobs 39 | omizpmexfthdtkn.kp 40 | etabjoqkfincucc.ly 41 | wunehceccozhicb.mil 42 | vasfeglzezfrhin.net 43 | ondbxluvhhdfrzz.org 44 | rvpfszpypaprorv.post 45 | ufcyhlsjhnilxyu.ro 46 | cpynvdqsyyrmotr.sm 47 | qmaeaqfaminmtyd.travel 48 | bvaiwgaqcdsxupe.ug 49 | ddqulhrvujjvanx.vc 50 | pafzyzkypzovtmi.wf 51 | dcaioweydsfexnz.xn--11b5bs3a9aj6g 52 | hmrdxjpzmcdjpug.xn--9t4b11yi5a 53 | gqtavlakkdkcryl.xn--pgbs0dh 54 | dytwkhnhsuulniq.xn--yfro4i67o 55 | saeleofdezzuvfs.ye 56 | hojdytnzcsvpkok.za 57 | pcqxcoxljjtcrui.ac 58 | ymfojvebwimzpzm.by 59 | vbhnlghrkdvbpov.com 60 | rqsszeznvhhbrah.dm 61 | ztluylwgnmpgcac.edu 62 | ufvmgvfvklsrfgf.fo 63 | abgyotorvogikfm.gov 64 | dpznommctrfaycs.hn 65 | qhkhdkextwrztdm.info 66 | frlkmlrpxsjcmbx.jobs 67 | rxqdywdxhfhckte.kp 68 | buajzkdmvrsyljm.ly 69 | juvzvpjgiuwvpfo.mil 70 | bdprepgvmaafowj.net 71 | aldpagsgbplmxli.org 72 | meyeagtuyybatkh.post 73 | vbdcxghnetrwljh.ro -------------------------------------------------------------------------------- /splunk_eventgen/samples/sample.businessevent: -------------------------------------------------------------------------------- 1 | 
2011-10-11 16:30:20,072,Event [Event=UpdateBillingProvQuote, timestamp=1318375820071, properties={JMSCorrelationID=NA, JMSMessageID=ID:ESP-PD.289F4E3F7A381:CEBE7D53, orderType=ChangeESN, quotePriority=NORMAL, conversationId=ESB~47af426612b50c97:5a04ce5c:132f52c51600:440d, credits=NA, JMSReplyTo=pub.esb.genericasync.response, timeToLive=-1, serviceName=UpdateBillingProvisioning, esn=NA, accountNumber=71081182961, MethodName=InternalEvent, AdapterName=UpdateBillingProvQuote, meid=NA, orderNumber=NA, quoteNumber=60354607, ReplyTo=NA, userName=cid, EventConversationID=NA, mdn=8322976226, accountType=PostPaid, marketCity="Houston", marketState=TX, marketZip=55555, billingCycle=5, autoBillPayment=T, phoneCode=IP4S, phoneType=iPhone, phoneName="iPhone 4S", planCode=700UD, planType=PostPaid, planPrice=45, planName="700 Minute Unlimited Data", planDescription="Nationwide 700 Minutes, Unlimited Mobile to Mobile, Unlimited Texting, Unlimited Data", networkProviderName=Native}] -------------------------------------------------------------------------------- /splunk_eventgen/samples/sample.mobilemusic: -------------------------------------------------------------------------------- 1 | May 28 18:28:11:000 aaa2 radiusd[12676]:[ID 959576 local1.info] INFO RADOP(13) acct start for 5559031692@splunktel.com 10.94.63.34 from 130.253.37.97 recorded OK. 2 | 2012-05-28 18:28:11:112 10.2.1.35 POST /playhistory/uploadhistory - 80 - 10.94.63.34 "Mozilla/5.0 (Linux; U; Android 2.3.4; en-us; Sprint APX515CKT Build/GRJ22) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1" 200 0 0 468 1488 3 | May 28 18:28:11:199 aaa2 radiusd[12676]:[ID 959576 local1.info] INFO RADOP(13) acct stop for 5559031692@splunktel.com 10.94.63.34 from 130.253.37.97 recorded OK. 
-------------------------------------------------------------------------------- /splunk_eventgen/samples/sample.mobilemusic.csv: -------------------------------------------------------------------------------- 1 | index,host,source,sourcetype,_raw 2 | oidemo,localhost,/var/log/radius.log,radius,May 27 18:28:11:000 aaa2 radiusd[12676]:[ID 959576 local1.info] INFO RADOP(13) acct start for 5559031692@splunktel.com 10.94.63.34 from 130.253.37.97 recorded OK. 3 | oidemo,localhost,/var/log/httpd/access_log,access_custom,"2012-05-27 18:28:11:112 10.2.1.35 POST /playhistory/uploadhistory - 80 - 10.94.63.34 ""Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3"" 503 0 0 468 1488" 4 | oidemo,localhost,/var/log/httpd/access_log,access_custom,"2012-05-27 18:28:11:125 10.2.1.35 GET /sync/addtolibrary/01011207201000005652000000000047 - 80 - 10.94.63.34 ""Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3"" 200 0 0 468 1488" 5 | oidemo,localhost,/var/log/httpd/access_log,access_custom,"2012-05-27 18:28:11:137 10.2.1.35 GET /sync/addtolibrary/01011207201000005652000000000047 - 80 - 10.94.63.34 ""Mozilla/5.0 (iPhone; CPU iPhone OS 5_0_1 like Mac OS X) AppleWebKit/534.46 (KHTML, like Gecko) Version/5.1 Mobile/9A405 Safari/7534.48.3"" 503 0 0 468 1488" 6 | oidemo,localhost,/var/log/radius.log,radius,May 27 18:28:11:199 aaa2 radiusd[12676]:[ID 959576 local1.info] INFO RADOP(13) acct stop for 5559031692@splunktel.com 10.94.63.34 from 130.253.37.97 recorded OK. 
-------------------------------------------------------------------------------- /splunk_eventgen/samples/sample.tutorial0: -------------------------------------------------------------------------------- 1 | 2014-01-04 20:00:00 WINDBAG Event 1 of 12 randint @@integer 2 | 2014-01-04 20:00:01 WINDBAG Event 2 of 12 randint @@integer 3 | 2014-01-04 20:00:02 WINDBAG Event 3 of 12 randint @@integer 4 | 2014-01-04 20:00:03 WINDBAG Event 4 of 12 randint @@integer 5 | 2014-01-04 20:00:03 WINDBAG Event 5 of 12 randint @@integer 6 | 2014-01-04 20:00:04 WINDBAG Event 6 of 12 randint @@integer 7 | 2014-01-04 20:00:05 WINDBAG Event 7 of 12 randint @@integer 8 | 2014-01-04 20:00:06 WINDBAG Event 8 of 12 randint @@integer 9 | 2014-01-04 20:00:08 WINDBAG Event 9 of 12 randint @@integer 10 | 2014-01-04 20:00:20 WINDBAG Event 10 of 12 randint @@integer 11 | 2014-01-04 20:00:21 WINDBAG Event 11 of 12 randint @@integer 12 | 2014-01-04 20:00:21 WINDBAG Event 12 of 12 randint @@integer 13 | -------------------------------------------------------------------------------- /splunk_eventgen/samples/sample.tutorial3: -------------------------------------------------------------------------------- 1 | 2012-09-14 16:30:20,072 transType=ReplaceMe transID=000000 transGUID=0A0B0C userName=bob city="City" state=State zip=00000 value=0 2 | -------------------------------------------------------------------------------- /splunk_eventgen/samples/sample.tutorial4: -------------------------------------------------------------------------------- 1 | index,host,source,sourcetype,_raw 2 | main,proxy.splunk.com,/var/log/proxy.log,proxy,"Sep 14 17:28:11:000 Connection inbound from 5.5.5.5 to 10.2.1.35 on 10.12.0.20 open" 3 | main,www.splunk.com,/var/log/httpd/access_log,access_custom,"2012-09-14 17:29:11:000 10.2.1.35 POST /playhistory/uploadhistory - 80 - 10.12.0.20 ""Mozilla/5.0 (Linux; U; Android 2.3.4; en-us; Sprint APX515CKT Build/GRJ22) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile 
Safari/533.1"" 200 0 0 468 1488" 4 | main,proxy.splunk.com,/var/log/proxy.log,proxy,"Sep 14 17:30:11:000 Connection inbound from 5.5.5.5 to 10.2.1.35 on 10.12.0.20 closed" -------------------------------------------------------------------------------- /splunk_eventgen/samples/searchArtists.sample: -------------------------------------------------------------------------------- 1 | Rihanna 2 | Bruno+Mars 3 | LMFAO 4 | Flo+Rida 5 | Katy+Perry 6 | Kanye+West 7 | Adele 8 | David+Guetta 9 | Maroon+5 10 | T-Pain 11 | Gym+Class+Heroes 12 | Big+Sean 13 | J.Cole 14 | Drake 15 | Toby+Keith 16 | Snoop+Dogg 17 | Foster+The+People 18 | Cobra+Starship 19 | Kelly+Clarkson 20 | Gavin+DeGraw 21 | Luke+Bryan -------------------------------------------------------------------------------- /splunk_eventgen/samples/states: -------------------------------------------------------------------------------- 1 | Alabama 2 | Alaska 3 | Arizona 4 | Arkansas 5 | California 6 | Colorado 7 | Connecticut 8 | Delaware 9 | Florida 10 | Georgia 11 | Hawaii 12 | Idaho 13 | Illinois 14 | Indiana 15 | Iowa 16 | Kansas 17 | Kentucky 18 | Louisiana 19 | Maine 20 | Maryland 21 | Massachusetts 22 | Michigan 23 | Minnesota 24 | Mississippi 25 | Missouri 26 | Montana 27 | Nebraska 28 | Nevada 29 | New Hampshire 30 | New Jersey 31 | New Mexico 32 | New York 33 | North Carolina 34 | North Dakota 35 | Ohio 36 | Oklahoma 37 | Oregon 38 | Pennsylvania 39 | Rhode Island 40 | South Carolina 41 | South Dakota 42 | Tennessee 43 | Texas 44 | Utah 45 | Vermont 46 | Virginia 47 | Washington 48 | West Virginia 49 | Wisconsin 50 | Wyoming -------------------------------------------------------------------------------- /splunk_eventgen/samples/states.abbrev: -------------------------------------------------------------------------------- 1 | AK 2 | AL 3 | AR 4 | AS 5 | AZ 6 | CA 7 | CO 8 | CT 9 | DC 10 | DE 11 | FL 12 | FM 13 | GA 14 | GU 15 | HI 16 | IA 17 | ID 18 | IL 19 | IN 20 | KS 21 | KY 22 | LA 23 | MA 24 | MD 25 | 
ME 26 | MH 27 | MI 28 | MN 29 | MO 30 | MP 31 | MS 32 | MT 33 | NC 34 | ND 35 | NE 36 | NH 37 | NJ 38 | NM 39 | NV 40 | NY 41 | OH 42 | OK 43 | OR 44 | PA 45 | PR 46 | PW 47 | RI 48 | SC 49 | SD 50 | TN 51 | TX 52 | UT 53 | VA 54 | VI 55 | VT 56 | WA 57 | WI 58 | WV 59 | WY -------------------------------------------------------------------------------- /splunk_eventgen/samples/street.types: -------------------------------------------------------------------------------- 1 | Ally 2 | App 3 | Arc 4 | Ave 5 | Blvd 6 | Brow 7 | Bypa 8 | Cway 9 | Cct 10 | Circ 11 | Cl 12 | Cpse 13 | Cnr 14 | Cove 15 | Ct 16 | Cres 17 | Dr 18 | End 19 | Esp 20 | Flat 21 | Fway 22 | Frnt 23 | Gdns 24 | Gld 25 | Glen 26 | Grn 27 | Gr 28 | Hts 29 | Hwy 30 | Lane 31 | Link 32 | Loop 33 | Mall 34 | Mews 35 | Pckt 36 | Pde 37 | Park 38 | Pkwy 39 | Pl 40 | Prom 41 | Res 42 | Rdge 43 | Rise 44 | Rd 45 | Row 46 | Sq 47 | St 48 | Strp 49 | Tarn 50 | Tce 51 | Tfre 52 | Trac 53 | Tway 54 | View 55 | Vsta 56 | Walk 57 | Way 58 | Wway 59 | Yard -------------------------------------------------------------------------------- /splunk_eventgen/samples/streetSuffixes.sample: -------------------------------------------------------------------------------- 1 | Blvd. 2 | Blvd. 3 | St. 4 | St. 5 | St. 6 | St. 7 | St. 8 | St. 9 | Pkwy. 10 | Pkwy. 11 | Pkwy. 12 | Ln. 13 | Ln. 14 | Ln. 15 | Dr. 16 | Dr. 17 | Dr. 18 | Dr. 19 | Way 20 | Way 21 | Ave. 22 | Ave. 23 | Ave. 24 | Hwy. 
-------------------------------------------------------------------------------- /splunk_eventgen/samples/streets: -------------------------------------------------------------------------------- 1 | Acres 2 | Amber 3 | Anchor 4 | Apple 5 | Arbor 6 | Autumn 7 | Avenue 8 | Bank 9 | Barn 10 | Beacon 11 | Bear 12 | Bend 13 | Berry 14 | Blossom 15 | Blue 16 | Bluff 17 | Branch 18 | Bright 19 | Broad 20 | Brook 21 | Burning 22 | Butterfly 23 | Canyon 24 | Chase 25 | Cider 26 | Cinder 27 | Circle 28 | Clear 29 | Cloud 30 | Colonial 31 | Corner 32 | Cotton 33 | Court 34 | Cove 35 | Cozy 36 | Creek 37 | Crest 38 | Crystal 39 | Dale 40 | Dale 41 | Deer 42 | Dell 43 | Dewy 44 | Dusty 45 | Easy 46 | Edge 47 | Elk 48 | Embers 49 | Emerald 50 | Estates 51 | Fallen 52 | Falls 53 | Farms 54 | Fawn 55 | Foggy 56 | Forest 57 | Fox 58 | Gardens 59 | Gate 60 | Gate 61 | Gentle 62 | Glade 63 | Glen 64 | Golden 65 | Goose 66 | Grand 67 | Green 68 | Grove 69 | Grove 70 | Harvest 71 | Hazy 72 | Heather 73 | Hickory 74 | Hidden 75 | High 76 | Highlands 77 | Hills 78 | Hollow 79 | Honey 80 | Horse 81 | Indian 82 | Iron 83 | Island 84 | Isle 85 | Jagged 86 | Jetty 87 | Knoll 88 | Lagoon 89 | Lake 90 | Landing 91 | Lane 92 | Lazy 93 | Leaf 94 | Ledge 95 | Little 96 | Log 97 | Lost 98 | Manor 99 | Meadow 100 | Merry 101 | Mews 102 | Middle 103 | Misty 104 | Mountain 105 | Nectar 106 | Noble 107 | Nook 108 | Oak 109 | Old 110 | Orchard 111 | Panda 112 | Park 113 | Path 114 | Pike 115 | Pine 116 | Pioneer 117 | Place 118 | Pleasant 119 | Point 120 | Pond 121 | Pony 122 | Prairie 123 | Promenade 124 | Quail 125 | Quaking 126 | Quiet 127 | Rabbit 128 | Red 129 | Ridge 130 | Rise 131 | River 132 | Robin 133 | Rocky 134 | Round 135 | Round 136 | Run 137 | Rustic 138 | Shadow 139 | Shady 140 | Silent 141 | Silver 142 | Sky 143 | Sleepy 144 | Spring 145 | Stead 146 | Stony 147 | Sunny 148 | Swale 149 | Tawny 150 | Terrace 151 | Thunder 152 | Timber 153 | Trace 154 | Trail 155 | Treasure 156 | Umber 
157 | Vale 158 | Valley 159 | Velvet 160 | View 161 | View 162 | Vista 163 | Wagon 164 | Way 165 | Willow 166 | Wishing 167 | Woods 168 | Zephyr -------------------------------------------------------------------------------- /splunk_eventgen/samples/trackIDs.sample: -------------------------------------------------------------------------------- 1 | 01011207201000005652000000000021 2 | 01011207201000005652000000000047 3 | 01011207201000005652000000000068 4 | 01011207201000005652000000000018 5 | 01011207201000005652000000000031 6 | 01011207201000005652000000000007 7 | 01011207201000005652000000000013 8 | 01011207201000005652000000000041 9 | 01011207201000005652000000000053 10 | 01011207201000005652000000000023 11 | 01011207201000005652000000000029 12 | 01011207201000005652000000000037 13 | 01011207201000005652000000000011 14 | 01011207201000005652000000000003 15 | 01011207201000005652000000000083 16 | 01011207201000005652000000000017 17 | 01011207201000005652000000000071 18 | 01011207201000005652000000000026 19 | 01011207201000005652000000000055 20 | 01011207201000005652000000000084 21 | 01011207201000005652000000000014 22 | 01011207201000005652000000000025 23 | 01011207201000005652000000000049 -------------------------------------------------------------------------------- /splunk_eventgen/samples/transType.sample: -------------------------------------------------------------------------------- 1 | New 2 | New 3 | Change 4 | Change 5 | Change 6 | Delete -------------------------------------------------------------------------------- /splunk_eventgen/samples/uris.sample: -------------------------------------------------------------------------------- 1 | GET /browse/search 2 | GET /browse/tracks 3 | POST /sync/createplaylist 4 | POST /playhistory/uploadhistory 5 | POST /auth -------------------------------------------------------------------------------- /splunk_eventgen/samples/vmware-migration.csv: 
-------------------------------------------------------------------------------- 1 | host6.foobar.com,host-16 host2.foobar.com,host-20 -------------------------------------------------------------------------------- /splunk_eventgen/samples/webhosts.sample: -------------------------------------------------------------------------------- 1 | 10.2.1.33 2 | 10.2.1.34 3 | 10.2.1.35 -------------------------------------------------------------------------------- /splunk_eventgen/samples/windbag: -------------------------------------------------------------------------------- 1 | 2014-01-04 20:54:34 WINDBAG Event 1 of 5 2 | 2014-01-04 20:54:35 WINDBAG Event 2 of 5 3 | 2014-01-04 20:54:36 WINDBAG Event 3 of 5 4 | 2014-01-04 20:54:37 WINDBAG Event 4 of 5 5 | 2014-01-04 20:54:38 WINDBAG Event 5 of 5 -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/README.md: -------------------------------------------------------------------------------- 1 | ### Introduction 2 | 3 | SA-Eventgen (Splunk App Eventgen) allows users to generate and index custom event data on their Splunk instance. 4 | This app is currently built and maintained through the [Eventgen repository](https://github.com/splunk/eventgen). 5 | 6 | ### Documentation 7 | 8 | The general Eventgen documentation is hosted on [GitHub](http://splunk.github.io/eventgen). 9 | For installation and configuration instructions specific to the Splunk App, see the 10 | [app install](http://splunk.github.io/eventgen/SETUP.html#splunk-app-installation) page of the documentation. 11 | 12 | Finally, see the [Eventgen Reference Guide](http://splunk.github.io/eventgen/REFERENCE.html#eventgenconfspec) 13 | for information on Eventgen configuration options. 
14 | -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/README/inputs.conf.spec: -------------------------------------------------------------------------------- 1 | [modinput_eventgen://] 2 | verbosity = 3 | python.version = python3 4 | -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/bin/.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | eventcount 3 | webserver.js -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/bin/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/splunk_eventgen/splunk_app/bin/__init__.py -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/default/app.conf: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2005-2019 Splunk Inc. All Rights Reserved. 2 | # DO NOT EDIT THIS FILE! 3 | # Please make all changes to files in $SPLUNK_HOME/etc/apps/SA-Eventgen/local. 4 | # To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/apps/SA-Eventgen/default 5 | # into ../local and edit there. 6 | # 7 | 8 | ## Splunk app configuration file 9 | 10 | [install] 11 | is_configured = false 12 | state = enabled 13 | build = 1 14 | 15 | [launcher] 16 | author = Splunk Inc. 
17 | version = 7.2.1 18 | description = SA-Eventgen app for dynamic data generation 19 | 20 | [package] 21 | id = SA-Eventgen 22 | 23 | [ui] 24 | is_visible = true 25 | label = SA-Eventgen 26 | 27 | [triggers] 28 | reload.eventgen = simple 29 | reload.inputs.eventgen = access_endpoints /data/inputs/eventgen 30 | -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/default/data/ui/nav/default.xml: -------------------------------------------------------------------------------- 1 | 4 | -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/default/distsearch.conf: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2005-2019 Splunk Inc. All Rights Reserved. 2 | # DO NOT EDIT THIS FILE! 3 | # Please make all changes to files in $SPLUNK_HOME/etc/apps/SA-Eventgen/local. 4 | # To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/apps/SA-Eventgen/default 5 | # into ../local and edit there. 6 | # 7 | 8 | ## 4.1.5+ 9 | [replicationBlacklist] 10 | 11 | ## Prevent event generator app from being replicated via distsearch 12 | noeventgen = apps[/\\]SA-Eventgen[/\\]... 13 | -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/default/distsearch.conf.windows: -------------------------------------------------------------------------------- 1 | # Copyright (C) 2005-2019 Splunk Inc. All Rights Reserved. 2 | # DO NOT EDIT THIS FILE! 3 | # Please make all changes to files in $SPLUNK_HOME/etc/apps/SA-Eventgen/local. 4 | # To make changes, copy the section/stanza you want to change from $SPLUNK_HOME/etc/apps/SA-Eventgen/default 5 | # into ../local and edit there. 6 | # 7 | 8 | ## 4.1.5+ 9 | [replicationBlacklist] 10 | 11 | ## Prevent event generator app from being replicated via distsearch 12 | noeventgen = apps\SA-Eventgen\... 
13 | -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/default/inputs.conf: -------------------------------------------------------------------------------- 1 | [modinput_eventgen] 2 | verbosity = 40 3 | 4 | [modinput_eventgen://default] 5 | python.version = python3 6 | disabled = true 7 | -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/default/props.conf: -------------------------------------------------------------------------------- 1 | [source::...eventgen-main.log] 2 | sourcetype = eventgen_main 3 | 4 | [source::...eventgen-listener-process.log] 5 | sourcetype = eventgen_listener_process 6 | 7 | [source::...splunk-hec-handler.log] 8 | sourcetype = eventgen_hec_handler 9 | 10 | [source::...eventgen-errors.log] 11 | sourcetype = eventgen_errors 12 | 13 | [source::...modinput_eventgen.log] 14 | sourcetype = eventgen_modinput 15 | 16 | [source::...eventgen-metrics.log] 17 | sourcetype = eventgen_metrics 18 | KV_MODE = json 19 | INDEXED_EXTRACTIONS = JSON 20 | 21 | [eventgen] 22 | REPORT-sample-app_for_eventgen = sample-app_for_eventgen 23 | REPORT-completion_time_for_eventgen = completion_time_for_eventgen 24 | EXTRACT-level = \S+\s\S+\s(?[^ ]+) 25 | EXTRACT-message = \S+\s\S+\s\S+\s[^:]+:(?.+) 26 | -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/default/transforms.conf: -------------------------------------------------------------------------------- 1 | 2 | [sample-app_for_eventgen] 3 | REGEX = sample\s+\'([^']+)\'\s+in\s+app\s+\'([^']+) 4 | FORMAT = sample::"$1" app::"$2" 5 | 6 | [completion_time_for_eventgen] 7 | REGEX = completed\s+in\s+(\d+) 8 | FORMAT = duration::$1 -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/lib/__init__.py: -------------------------------------------------------------------------------- 
https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/splunk_eventgen/splunk_app/lib/__init__.py -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/metadata/default.meta: -------------------------------------------------------------------------------- 1 | # Application-level permissions 2 | 3 | [] 4 | access = read : [ * ], write : [ admin ] 5 | export = system 6 | 7 | [savedsearches] 8 | owner = admin -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/static/appIcon.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/splunk_eventgen/splunk_app/static/appIcon.png -------------------------------------------------------------------------------- /splunk_eventgen/splunk_app/static/appIcon_2x.png: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/splunk_eventgen/splunk_app/static/appIcon_2x.png -------------------------------------------------------------------------------- /tests/.coveragerc: -------------------------------------------------------------------------------- 1 | [run] 2 | omit = 3 | splunk_eventgen/lib/logutils_src/* 4 | splunk_eventgen/lib/concurrent/* 5 | splunk_eventgen/lib/requests_futures/* 6 | splunk_eventgen/logger/* 7 | 8 | [report] 9 | omit = 10 | splunk_eventgen/lib/logutils_src/* 11 | splunk_eventgen/lib/concurrent/* 12 | splunk_eventgen/lib/requests_futures/* 13 | splunk_eventgen/logger/* 14 | -------------------------------------------------------------------------------- /tests/.gitignore: -------------------------------------------------------------------------------- 1 | *.pyc 2 | results/ 3 | .coverage 4 | 
-------------------------------------------------------------------------------- /tests/large/README.md: -------------------------------------------------------------------------------- 1 | Convention: 2 | * Test conf files are located in the `conf` folder; 3 | * Sample files are located in the `sample` folder; 4 | * Other utility tools are located in the `utils` folder; 5 | * `fileName` in `conf` settings is a relative path, so results are written to the folder `tests/large/results`; 6 | 7 | How to add a new functional test: 8 | * Add an eventgen conf file in the `conf` folder (`sampleDir = ../sample` should be in the conf stanza); 9 | * Add the sample file defined in the above eventgen conf to the `sample` folder; 10 | * Add a new functional test `py` file and add a test case; 11 | * Use the `eventgen_test_helper` fixture to create a helper instance and use `get_events()` to get the generated events; 12 | * Pass `timeout=60` if you want to stop the eventgen instance after 60s; 13 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_extend_index.conf: -------------------------------------------------------------------------------- 1 | [cisco] 2 | sampleDir = ../sample 3 | mode = sample 4 | sampletype = raw 5 | outputMode = httpevent 6 | httpeventServers = {"servers": [{"protocol": "https", "port": "8088", "key": "00000000-0000-0000-0000-000000000000", "address": "localhost"}]} 7 | end = 1 8 | sourcetype = cisco 9 | index = main 10 | 11 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 12 | token.0.replacementType = timestamp 13 | token.0.replacement = %Y-%m-%d %H:%M:%S 14 | 15 | token.1.token = @@integer 16 | token.1.replacementType = random 17 | token.1.replacement = integer[0:10] 18 | 19 | 20 | [sample] 21 | sampleDir = ../sample 22 | mode = sample 23 | sampletype = raw 24 | outputMode = httpevent 25 | httpeventServers = {"servers": [{"protocol": "https", "port": "8088", "key": "00000000-0000-0000-0000-000000000000", "address": "localhost"}]} 26 | end
= 1 27 | sourcetype = syslog 28 | extendIndexes = test_:2 29 | 30 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 31 | token.0.replacementType = timestamp 32 | token.0.replacement = %Y-%m-%d %H:%M:%S 33 | 34 | token.1.token = @@integer 35 | token.1.replacementType = random 36 | token.1.replacement = integer[0:10] 37 | 38 | 39 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_jinja_advance.conf: -------------------------------------------------------------------------------- 1 | [test_jinja_template_advance] 2 | end = 1 3 | count = 3 4 | interval = 5 5 | sampleDir = ../sample 6 | generator = jinja 7 | jinja_target_template = test_jinja_tmpl_advance.j2 8 | jinja_variables = {"large_number":3, "username": "admin", "flag": true} 9 | earliest = -3s 10 | latest = now 11 | outputMode = stdout 12 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_jinja_simple.conf: -------------------------------------------------------------------------------- 1 | [test_jinja_template_simple] 2 | end = 1 3 | count = 1 4 | sampleDir = ../sample 5 | generator = jinja 6 | jinja_target_template = test_jinja_tmpl_simple.j2 7 | jinja_variables = {"large_number":10} 8 | earliest = -3s 9 | latest = now 10 | outputMode = stdout 11 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_jinja_tmpl_dir.conf: -------------------------------------------------------------------------------- 1 | [test_jinja_template_customized_dir] 2 | end = 1 3 | count = 1 4 | sampleDir = ../sample 5 | generator = jinja 6 | jinja_template_dir = templates_4_test 7 | jinja_target_template = test_jinja_tmpl_dir.j2 8 | jinja_variables = {"large_number":10} 9 | earliest = -3s 10 | latest = now 11 | outputMode = stdout 12 | -------------------------------------------------------------------------------- 
/tests/large/conf/eventgen_output_modinput.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | earliest = -15s 5 | sampletype = raw 6 | outputMode = modinput 7 | end = 1 8 | source = eventgen 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 11 | token.0.replacementType = timestamp 12 | token.0.replacement = %Y-%m-%d %H:%M:%S 13 | 14 | token.1.token = @@integer 15 | token.1.replacementType = random 16 | token.1.replacement = integer[0:10] 17 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_perdayvolume.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | sampletype = raw 4 | outputMode = file 5 | fileName = tests/large/results/eventgen_perdayvolume.result 6 | perDayVolume = 1 7 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_perdayvolume_large_token.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | sampletype = raw 4 | outputMode = file 5 | fileName = tests/large/results/eventgen_perdayvolume.result 6 | perDayVolume = 1 7 | 8 | token.0.token = @@integer 9 | token.0.replacementType = static 10 | token.0.replacement = "supercalifragilisticexpialidocious" 11 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_perdayvolume_small_token.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | sampletype = raw 4 | outputMode = file 5 | fileName = tests/large/results/eventgen_perdayvolume.result 6 | perDayVolume = 1 7 | 8 | token.0.token = @@integer 9 | token.0.replacementType = random 10 | token.0.replacement = integer[0:10] 11 | 
-------------------------------------------------------------------------------- /tests/large/conf/eventgen_plugin_devnull.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | earliest = now 5 | sampletype = raw 6 | outputMode = devnull 7 | end = 1 8 | 9 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 10 | token.0.replacementType = timestamp 11 | token.0.replacement = %Y-%m-%d %H:%M:%S 12 | 13 | token.1.token = @@integer 14 | token.1.replacementType = random 15 | token.1.replacement = integer[0:10] 16 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_plugin_file.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | earliest = now 5 | sampletype = raw 6 | outputMode = file 7 | fileName = tests/large/results/eventgen_plugin_file.result 8 | end = 1 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 11 | token.0.replacementType = timestamp 12 | token.0.replacement = %Y-%m-%d %H:%M:%S 13 | 14 | token.1.token = @@integer 15 | token.1.replacementType = random 16 | token.1.replacement = integer[0:10] 17 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_plugin_httpevent.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | earliest = now 5 | sampletype = raw 6 | outputMode = httpevent 7 | httpeventServers = {"servers": [{"protocol": "https", "port": "8088", "key": "00000000-0000-0000-0000-000000000000", "address": "localhost"}]} 8 | end = 1 9 | sourcetype = httpevent 10 | 11 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 12 | token.0.replacementType = timestamp 13 | token.0.replacement = %Y-%m-%d %H:%M:%S 14 | 15 | token.1.token = @@integer 16 | 
token.1.replacementType = random 17 | token.1.replacement = integer[0:10] 18 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_plugin_s2s.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | earliest = now 5 | sampletype = raw 6 | outputMode = s2s 7 | splunkHost = localhost 8 | splunkPort = 9997 9 | end = 1 10 | sourcetype = s2s 11 | 12 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 13 | token.0.replacementType = timestamp 14 | token.0.replacement = %Y-%m-%d %H:%M:%S 15 | 16 | token.1.token = @@integer 17 | token.1.replacementType = random 18 | token.1.replacement = integer[0:10] 19 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_plugin_splunkstream.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | earliest = now 5 | outputMode = splunkstream 6 | splunkHost = localhost 7 | splunkUser = admin 8 | splunkPass = changeme 9 | splunkPort = 8089 10 | splunkMethod = https 11 | 12 | end = 1 13 | sourcetype = splunkstream 14 | 15 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 16 | token.0.replacementType = timestamp 17 | token.0.replacement = %Y-%m-%d %H:%M:%S 18 | 19 | token.1.token = @@integer 20 | token.1.replacementType = random 21 | token.1.replacement = integer[0:10] 22 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_plugin_spool.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | earliest = now 5 | outputMode = spool 6 | spoolDir = tests/large/results 7 | spoolFile = eventgen_spool_test.result 8 | 9 | end = 1 10 | 11 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 12 | 
token.0.replacementType = timestamp 13 | token.0.replacement = %Y-%m-%d %H:%M:%S 14 | 15 | token.1.token = @@integer 16 | token.1.replacementType = random 17 | token.1.replacement = integer[0:10] 18 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_replay.conf: -------------------------------------------------------------------------------- 1 | [replay] 2 | sampleDir = ../sample 3 | mode = replay 4 | sampletype = raw 5 | outputMode = stdout 6 | end = 1 7 | 8 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 9 | token.0.replacementType = replaytimestamp 10 | token.0.replacement = %Y-%m-%d %H:%M:%S 11 | 12 | token.1.token = @@integer 13 | token.1.replacementType = random 14 | token.1.replacement = integer[0:10] 15 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_replay_backfill.conf: -------------------------------------------------------------------------------- 1 | [replay] 2 | sampleDir = ../sample 3 | backfill = -5s 4 | sampletype = raw 5 | outputMode = stdout 6 | mode = replay 7 | interval = 0 8 | end = 2 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 11 | token.0.replacementType = replaytimestamp 12 | token.0.replacement = %Y-%m-%d %H:%M:%S 13 | 14 | token.1.token = @@integer 15 | token.1.replacementType = random 16 | token.1.replacement = integer[0:10] 17 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_replay_backfill_greater_interval.conf: -------------------------------------------------------------------------------- 1 | [replay] 2 | sampleDir = ../sample 3 | backfill = -120s 4 | sampletype = raw 5 | outputMode = file 6 | fileName = tests/large/results/eventgen_replay_backfill.result 7 | mode = replay 8 | interval = 0 9 | end = 2 10 | 11 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 12 | token.0.replacementType = replaytimestamp 13 | 
token.0.replacement = %Y-%m-%d %H:%M:%S 14 | 15 | token.1.token = @@integer 16 | token.1.replacementType = random 17 | token.1.replacement = integer[0:10] 18 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_replay_csv.conf: -------------------------------------------------------------------------------- 1 | [timeorder\.csv] 2 | sampleDir = ../sample 3 | mode = replay 4 | sampletype = csv 5 | timeField = _time 6 | outputMode = stdout 7 | interval = 0 8 | end = 1 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2} 11 | token.0.replacementType = replaytimestamp 12 | token.0.replacement = %Y-%m-%dT%H:%M:%S 13 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_replay_csv_with_tz.conf: -------------------------------------------------------------------------------- 1 | [timezone\.csv] 2 | sampleDir = ../sample 3 | mode = replay 4 | sampletype = csv 5 | outputMode = stdout 6 | timezone = -0100 7 | timeField = _raw 8 | interval = 0 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2},\d{3,6} 11 | token.0.replacementType = timestamp 12 | token.0.replacement = %Y-%m-%dT%H:%M:%S,%f 13 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_replay_end_1.conf: -------------------------------------------------------------------------------- 1 | [replay] 2 | sampleDir = ../sample 3 | mode = replay 4 | earliest = -5s 5 | sampletype = raw 6 | outputMode = stdout 7 | interval = 0 8 | end = 2 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 11 | token.0.replacementType = replaytimestamp 12 | token.0.replacement = %Y-%m-%d %H:%M:%S 13 | 14 | token.1.token = @@integer 15 | token.1.replacementType = random 16 | token.1.replacement = integer[0:10] 17 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_replay_end_2.conf: 
-------------------------------------------------------------------------------- 1 | [replay] 2 | sampleDir = ../sample 3 | mode = replay 4 | earliest = -5s 5 | sampletype = raw 6 | outputMode = stdout 7 | end = -1 8 | interval = 0 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 11 | token.0.replacementType = replaytimestamp 12 | token.0.replacement = %Y-%m-%d %H:%M:%S 13 | 14 | token.1.token = @@integer 15 | token.1.replacementType = random 16 | token.1.replacement = integer[0:10] 17 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_replay_timeMultiple.conf: -------------------------------------------------------------------------------- 1 | [replay] 2 | sampleDir = ../sample 3 | mode = replay 4 | sampletype = raw 5 | outputMode = stdout 6 | timeMultiple = 0.5 7 | interval=0 8 | 9 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 10 | token.0.replacementType = replaytimestamp 11 | token.0.replacement = %Y-%m-%d %H:%M:%S 12 | 13 | token.1.token = @@integer 14 | token.1.replacementType = random 15 | token.1.replacement = integer[0:10] 16 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_sample.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | earliest = -15s 5 | sampletype = raw 6 | outputMode = stdout 7 | end = 1 8 | 9 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 10 | token.0.replacementType = timestamp 11 | token.0.replacement = %Y-%m-%d %H:%M:%S 12 | 13 | token.1.token = @@integer 14 | token.1.replacementType = random 15 | token.1.replacement = integer[0:10] 16 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_sample_backfill.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = 
sample 4 | backfill = -15s 5 | sampletype = raw 6 | outputMode = stdout 7 | end = 1 8 | 9 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 10 | token.0.replacementType = timestamp 11 | token.0.replacement = %Y-%m-%d %H:%M:%S 12 | 13 | token.1.token = @@integer 14 | token.1.replacementType = random 15 | token.1.replacement = integer[0:10] 16 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_sample_breaker.conf: -------------------------------------------------------------------------------- 1 | [breakersample] 2 | sampleDir = ../sample 3 | outputMode = file 4 | fileName = tests/large/results/eventgen_sample_breaker.result 5 | count = 3 6 | earliest = -3s 7 | latest = now 8 | interval = 3 9 | breaker = ^\d{14}\.\d{6} 10 | end = 1 11 | 12 | token.0.token = ^(\d{14})\.\d{6} 13 | token.0.replacementType = timestamp 14 | token.0.replacement = %Y%m%d%H%M%S 15 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_sample_count.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | earliest = -15s 5 | sampletype = raw 6 | outputMode = stdout 7 | end = 1 8 | count = 5 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 11 | token.0.replacementType = timestamp 12 | token.0.replacement = %Y-%m-%d %H:%M:%S 13 | 14 | token.1.token = @@integer 15 | token.1.replacementType = random 16 | token.1.replacement = integer[0:10] 17 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_sample_csv.conf: -------------------------------------------------------------------------------- 1 | [timeorder\.csv] 2 | sampleDir = ../sample 3 | mode = sample 4 | sampletype = csv 5 | outputMode = stdout 6 | end = 1 7 | 8 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 9 | token.0.replacementType = timestamp 10 | 
token.0.replacement = %Y-%m-%d %H:%M:%S 11 | 12 | token.1.token = @@integer 13 | token.1.replacementType = random 14 | token.1.replacement = integer[0:10] 15 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_sample_earliest.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | earliest = -15s 5 | sampletype = raw 6 | outputMode = file 7 | fileName = tests/large/results/eventgen_sample_earliest.result 8 | end = 1 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 11 | token.0.replacementType = timestamp 12 | token.0.replacement = %Y-%m-%d %H:%M:%S 13 | 14 | token.1.token = @@integer 15 | token.1.replacementType = random 16 | token.1.replacement = integer[0:10] 17 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_sample_end.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | earliest = -15s 5 | sampletype = raw 6 | outputMode = file 7 | fileName = tests/large/results/eventgen_sample_end.result 8 | end = 1 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 11 | token.0.replacementType = timestamp 12 | token.0.replacement = %Y-%m-%d %H:%M:%S 13 | 14 | token.1.token = @@integer 15 | token.1.replacementType = random 16 | token.1.replacement = integer[0:10] 17 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_sample_generatorWorkers.conf: -------------------------------------------------------------------------------- 1 | [global] 2 | generatorWorkers = 5 3 | 4 | [sample] 5 | sampleDir = ../sample 6 | mode = sample 7 | sampletype = raw 8 | outputMode = file 9 | end = 5 10 | interval = 20 11 | count = 10 12 | fileName = tests/large/results/eventgen_sample_generatorWorkers.result 13 | 14 | 
token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 15 | token.0.replacementType = timestamp 16 | token.0.replacement = %Y-%m-%d %H:%M:%S 17 | 18 | token.1.token = @@integer 19 | token.1.replacementType = random 20 | token.1.replacement = integer[0:10] 21 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_sample_interval.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | sampletype = raw 5 | outputMode = file 6 | fileName = tests/large/results/eventgen_sample_interval.result 7 | interval = 10 8 | 9 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 10 | token.0.replacementType = timestamp 11 | token.0.replacement = %Y-%m-%d %H:%M:%S 12 | 13 | token.1.token = @@integer 14 | token.1.replacementType = random 15 | token.1.replacement = integer[0:10] 16 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_sample_latest.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | latest = +15s 5 | sampletype = raw 6 | outputMode = file 7 | fileName = tests/large/results/eventgen_sample_latest.result 8 | end = 1 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 11 | token.0.replacementType = timestamp 12 | token.0.replacement = %Y-%m-%d %H:%M:%S 13 | 14 | token.1.token = @@integer 15 | token.1.replacementType = random 16 | token.1.replacement = integer[0:10] 17 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_sample_multiprocess.conf: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | earliest = -15s 5 | sampletype = raw 6 | outputMode = stdout 7 | end = 1 8 | 9 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 
10 | token.0.replacementType = timestamp 11 | token.0.replacement = %Y-%m-%d %H:%M:%S 12 | 13 | token.1.token = @@integer 14 | token.1.replacementType = random 15 | token.1.replacement = integer[0:10] 16 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_sample_regex_csv.conf: -------------------------------------------------------------------------------- 1 | [timeorder.*] 2 | sampleDir = ../sample 3 | mode = sample 4 | sampletype = csv 5 | outputMode = stdout 6 | end = 1 7 | 8 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 9 | token.0.replacementType = timestamp 10 | token.0.replacement = %Y-%m-%d %H:%M:%S 11 | 12 | token.1.token = @@integer 13 | token.1.replacementType = random 14 | token.1.replacement = integer[0:10] 15 | 16 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_sample_regex_integer.conf: -------------------------------------------------------------------------------- 1 | [sample\d] 2 | sampleDir = ../sample 3 | mode = sample 4 | earliest = -15s 5 | sampletype = raw 6 | outputMode = stdout 7 | end = 1 8 | 9 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 10 | token.0.replacementType = timestamp 11 | token.0.replacement = %Y-%m-%d %H:%M:%S 12 | 13 | token.1.token = @@integer 14 | token.1.replacementType = random 15 | token.1.replacement = integer[0:10] 16 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_sample_regex_wildcard.conf: -------------------------------------------------------------------------------- 1 | [sample.*] 2 | sampleDir = ../sample 3 | mode = sample 4 | earliest = -15s 5 | sampletype = raw 6 | outputMode = stdout 7 | end = 1 8 | 9 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 10 | token.0.replacementType = timestamp 11 | token.0.replacement = %Y-%m-%d %H:%M:%S 12 | 13 | token.1.token = @@integer 14 | token.1.replacementType = random 
15 | token.1.replacement = integer[0:10] 16 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_token_replacement.conf: -------------------------------------------------------------------------------- 1 | [tokenreplacement.sample] 2 | sampleDir = ../sample 3 | mode = sample 4 | sampletype = raw 5 | outputMode = stdout 6 | end = 1 7 | 8 | token.0.token = "start":"(\d+) 9 | token.0.replacementType = timestamp 10 | token.0.replacement = %s 11 | 12 | token.1.token = "cp":"([\d\.]+) 13 | token.1.replacementType = file 14 | token.1.replacement = tests/large/sample/cp.csv 15 | 16 | token.2.token = "country":"(\w+) 17 | token.2.replacementType = mvfile 18 | token.2.replacement = tests/large/sample/city.csv:1 19 | 20 | token.3.token = "city":"(\w+) 21 | token.3.replacementType = file 22 | token.3.replacement = tests/large/sample/city.csv:2 23 | 24 | token.4.token = "lat":"(-?\d+.\d+) 25 | token.4.replacementType = file 26 | token.4.replacement = tests/large/sample/city.csv:4 27 | 28 | token.5.token = "long":"(-?\d+.\d+) 29 | token.5.replacementType = file 30 | token.5.replacement = tests/large/sample/city.csv:5 31 | 32 | token.6.token = "id":"([\w\-]+) 33 | token.6.replacementType = file 34 | token.6.replacement = tests/large/sample/id.csv 35 | 36 | token.7.token = "bytes":"(\d+) 37 | token.7.replacementType = random 38 | token.7.replacement = integer[40:5000] 39 | 40 | token.8.token = "cliIP":"(\d+.\d+.\d+.\d+) 41 | token.8.replacementType = file 42 | token.8.replacement = tests/large/sample/ip.csv 43 | 44 | token.9.token = "lastByte":"(\d+) 45 | token.9.replacementType = static 46 | token.9.replacement = 0 47 | 48 | token.10.token = "receiver_id":"(\d*) 49 | token.10.replacementType = integerid 50 | token.10.replacement = 1 51 | 52 | token.11.token = "Ak_IP":"(\d+.\d+.\d+.\d+) 53 | token.11.replacementType = random 54 | token.11.replacement = ipv4 55 | 56 | token.12.token = "forward-origin-ip":"(\d+.\d+.\d+.\d+) 57 
| token.12.replacementType = random 58 | token.12.replacement = ipv6 59 | 60 | token.13.token = "end-user-ip":"(\d+.\d+.\d+.\d+) 61 | token.13.replacementType = random 62 | token.13.replacement = mac 63 | 64 | token.14.token = "lastMileRTT":"(\d+) 65 | token.14.replacementType = random 66 | token.14.replacement = float[-3.0:3.0] 67 | -------------------------------------------------------------------------------- /tests/large/conf/eventgen_tutorial1.conf: -------------------------------------------------------------------------------- 1 | [tutorial1\.csv] 2 | sampleDir = ../sample 3 | mode = replay 4 | sampletype = csv 5 | timeMultiple = .1 6 | outputMode = file 7 | fileName = tests/large/results/eventgen_tutorial1.result 8 | end = 1 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2},\d{3,6} 11 | token.0.replacementType = replaytimestamp 12 | token.0.replacement = %Y-%m-%d %H:%M:%S,%f 13 | 14 | token.1.token = \d{2}-\d{2}-\d{4} \d{2}:\d{2}:\d{2}.\d{3,6} 15 | token.1.replacementType = replaytimestamp 16 | token.1.replacement = %m-%d-%Y %H:%M:%S.%f 17 | 18 | token.2.token = \d{2}/\w{3}/\d{4}:\d{2}:\d{2}:\d{2}.\d{3,6} 19 | token.2.replacementType = replaytimestamp 20 | token.2.replacement = %d/%b/%Y:%H:%M:%S.%f 21 | 22 | token.3.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 23 | token.3.replacementType = replaytimestamp 24 | token.3.replacement = %Y-%m-%d %H:%M:%S 25 | 26 | token.4.token = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2} 27 | token.4.replacementType = replaytimestamp 28 | token.4.replacement = %Y-%m-%dT%H:%M:%S 29 | -------------------------------------------------------------------------------- /tests/large/conftest.py: -------------------------------------------------------------------------------- 1 | import pytest 2 | from utils.eventgen_test_helper import EventgenTestHelper 3 | 4 | 5 | @pytest.fixture 6 | def eventgen_test_helper(): 7 | """Returns a function to create EventgenTestHelper instance based on config file""" 8 | created_instances = [] 9 | 
EventgenTestHelper.make_result_dir() 10 | 11 | def _create_eventgen_test_helper_instance(conf, timeout=None, mode=None, env=None): 12 | instance = EventgenTestHelper(conf, timeout, mode, env) 13 | created_instances.append(instance) 14 | return instance 15 | 16 | yield _create_eventgen_test_helper_instance 17 | 18 | for instance in created_instances: 19 | instance.tear_down() 20 | -------------------------------------------------------------------------------- /tests/large/provision/Dockerfile: -------------------------------------------------------------------------------- 1 | FROM splunk/splunk:7.3-debian 2 | 3 | RUN sudo apt-get update 4 | 5 | RUN echo "installing docker dependencies and development tools" && \ 6 | sudo apt-get --assume-yes install curl vim 7 | 8 | COPY ["provision.sh", "add_httpevent_collector.sh", "/opt/splunk/"] 9 | -------------------------------------------------------------------------------- /tests/large/provision/add_httpevent_collector.sh: -------------------------------------------------------------------------------- 1 | HTTP_INPUTS_PATH=/opt/splunk/etc/apps/search/local/inputs.conf 2 | echo "[http://test]" >> $HTTP_INPUTS_PATH 3 | echo "disabled = 0" >> $HTTP_INPUTS_PATH 4 | echo "token = 00000000-0000-0000-0000-000000000000" >> $HTTP_INPUTS_PATH 5 | echo "indexes = main,test_0,test_1" >> $HTTP_INPUTS_PATH 6 | -------------------------------------------------------------------------------- /tests/large/provision/docker-compose.yml: -------------------------------------------------------------------------------- 1 | version: "3.3" 2 | services: 3 | splunk: 4 | hostname: eventgensplunk 5 | image: provision_splunk:latest 6 | ports: 7 | - 8000:8000 8 | - 8089:8089 9 | - 8088:8088 10 | - 9997:9997 11 | environment: 12 | SPLUNK_START_ARGS: --answer-yes --no-prompt --accept-license 13 | # add `SHELL` env variable to make the `dircolors` happy 14 | SHELL: /bin/bash 15 | SPLUNK_PASSWORD: changeme 16 | volumes: 17 | # the `docker` command in 
guest can talk to host docker daemon (this bind mount gives the container control of the host's Docker daemon; use only on disposable test hosts) 18 | - "/var/run/docker.sock:/var/run/docker.sock" 19 | # to make terminal colorful 20 | tty: true 21 | -------------------------------------------------------------------------------- /tests/large/provision/install_docker_compose.sh: -------------------------------------------------------------------------------- 1 | # should install docker-compose in the CircleCI env without affecting a local macOS env; note that the binary is downloaded without checksum verification 2 | if [[ ! -f /usr/local/bin/docker-compose ]]; then 3 | echo "Installing Linux docker-compose to /usr/local/bin" 4 | sudo curl -L "https://github.com/docker/compose/releases/download/1.24.0/docker-compose-Linux-x86_64" -o /usr/local/bin/docker-compose 5 | sudo chmod +x /usr/local/bin/docker-compose 6 | fi 7 | -------------------------------------------------------------------------------- /tests/large/provision/provision.sh: -------------------------------------------------------------------------------- 1 | #!/bin/sh 2 | 3 | SPLUNK_REST_BASE_URL="https://localhost:8089" 4 | SERVER_GENERAL_ENDPOINT="/servicesNS/nobody/search/configs/conf-server/general" 5 | 6 | echo "Enable remote login for Splunk..."
7 | curl --insecure --user admin:changeme $SPLUNK_REST_BASE_URL$SERVER_GENERAL_ENDPOINT --data allowRemoteLogin=always > /dev/null  # test provisioning only: --insecure skips TLS certificate verification and the admin:changeme credentials are hard-coded (same value as SPLUNK_PASSWORD in docker-compose.yml)
8 | -------------------------------------------------------------------------------- /tests/large/results/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/tests/large/results/__init__.py -------------------------------------------------------------------------------- /tests/large/sample/breakersample: -------------------------------------------------------------------------------- 1 | 20110414114247.083068 2 | PercentProcessorTime=@@proc_time 3 | PercentUserTime=37 4 | wmi_type=CPUTime 5 | 6 | 20110414114247.083068 7 | PercentProcessorTime=100 8 | PercentUserTime=37 9 | wmi_type=CPUTime 10 | -------------------------------------------------------------------------------- /tests/large/sample/cisco: -------------------------------------------------------------------------------- 1 | 2014-01-04 20:00:00 WINDBAG Event 1 of 12 randint @@integer 2 | 2014-01-04 20:00:01 WINDBAG Event 2 of 12 randint @@integer 3 | 2014-01-04 20:00:02 WINDBAG Event 3 of 12 randint @@integer 4 | 2014-01-04 20:00:03 WINDBAG Event 4 of 12 randint @@integer 5 | 2014-01-04 20:00:03 WINDBAG Event 5 of 12 randint @@integer 6 | 2014-01-04 20:00:04 WINDBAG Event 6 of 12 randint @@integer 7 | 2014-01-04 20:00:05 WINDBAG Event 7 of 12 randint @@integer 8 | 2014-01-04 20:00:06 WINDBAG Event 8 of 12 randint @@integer 9 | 2014-01-04 20:00:08 WINDBAG Event 9 of 12 randint @@integer 10 | 2014-01-04 20:00:20 WINDBAG Event 10 of 12 randint @@integer 11 | 2014-01-04 20:00:21 WINDBAG Event 11 of 12 randint @@integer 12 | 2014-01-04 20:00:21 WINDBAG Event 12 of 12 randint @@integer 13 | -------------------------------------------------------------------------------- /tests/large/sample/cp.csv:
-------------------------------------------------------------------------------- 1 | 113982 2 | 277253 3 | 323114 4 | -------------------------------------------------------------------------------- /tests/large/sample/ip.csv: -------------------------------------------------------------------------------- 1 | 23.1.114.234 2 | 23.196.178.234 3 | 2.18.38.133 4 | 23.206.226.234 5 | 23.36.18.234 6 | 23.222.163.2 7 | 23.49.130.234 8 | 23.9.114.234 9 | 23.193.193.93 10 | 23.64.226.234 11 | 23.65.190.60 12 | 23.54.195.171 13 | 23.66.101.44 14 | 184.24.45.246 15 | 96.7.98.234 16 | 23.52.146.234 17 | 104.68.130.22 18 | 23.79.66.234 19 | 23.193.146.234 20 | 23.40.194.234 21 | 23.73.98.234 22 | 172.230.152.7 23 | 172.226.83.142 24 | 23.209.98.234 25 | 2.20.87.84 26 | 23.59.194.234 27 | 23.13.50.64 28 | 23.32.247.31 29 | 23.37.242.234 30 | 23.43.178.234 31 | 23.54.2.234 32 | 23.222.99.56 33 | 23.49.146.234 34 | 184.84.116.212 35 | 23.212.37.167 36 | 23.204.18.234 37 | 23.211.2.234 38 | 23.211.178.234 39 | 23.37.50.234 40 | 23.210.66.234 41 | 23.10.23.51 42 | 23.46.135.199 43 | 23.223.57.10 44 | 172.226.181.19 45 | 23.54.130.234 46 | 23.72.219.130 47 | 23.7.180.214 48 | 23.59.114.234 49 | 23.75.195.158 50 | 23.74.225.180 51 | 173.223.242.234 52 | 23.214.18.234 53 | 23.6.98.234 54 | 23.46.210.234 55 | 23.65.2.234 56 | 104.67.170.142 57 | 23.33.67.116 58 | 104.68.8.33 59 | 23.58.226.197 60 | 23.53.146.234 61 | 23.77.18.234 62 | 23.63.195.40 63 | 2.20.98.234 64 | 96.16.220.139 65 | 23.50.146.234 66 | 184.51.208.185 67 | 23.201.210.234 68 | 23.41.0.20 69 | 23.194.50.234 70 | 23.214.154.131 71 | 95.100.126.200 72 | 172.229.194.234 73 | 23.50.82.234 74 | 23.4.132.102 75 | 23.79.99.50 76 | 23.218.215.93 77 | 23.203.2.234 78 | 23.57.210.234 79 | 23.195.122.147 80 | 23.64.114.13 81 | 23.37.151.160 82 | 23.53.210.234 83 | 172.231.252.196 84 | 104.73.32.231 85 | 23.43.66.234 86 | 23.197.11.186 87 | 23.73.162.234 88 | 23.51.51.183 89 | 23.220.18.234 90 | 104.66.212.185 91 | 23.73.2.234 92 
| 23.63.84.195 93 | 23.212.200.244 94 | 2.16.47.42 95 | 172.233.88.222 96 | 23.49.226.234 97 | 23.74.82.234 98 | 23.76.178.234 99 | 23.212.226.234 100 | 23.36.34.234 101 | -------------------------------------------------------------------------------- /tests/large/sample/replay: -------------------------------------------------------------------------------- 1 | 2014-01-04 20:00:00 WINDBAG Event 1 of 12 randint @@integer 2 | 2014-01-04 20:00:01 WINDBAG Event 2 of 12 randint @@integer 3 | 2014-01-04 20:00:02 WINDBAG Event 3 of 12 randint @@integer 4 | 2014-01-04 20:00:03 WINDBAG Event 4 of 12 randint @@integer 5 | 2014-01-04 20:00:03 WINDBAG Event 5 of 12 randint @@integer 6 | 2014-01-04 20:00:04 WINDBAG Event 6 of 12 randint @@integer 7 | 2014-01-04 20:00:05 WINDBAG Event 7 of 12 randint @@integer 8 | 2014-01-04 20:00:06 WINDBAG Event 8 of 12 randint @@integer 9 | 2014-01-04 20:00:08 WINDBAG Event 9 of 12 randint @@integer 10 | 2014-01-04 20:00:20 WINDBAG Event 10 of 12 randint @@integer 11 | 2014-01-04 20:00:21 WINDBAG Event 11 of 12 randint @@integer 12 | 2014-01-04 20:00:21 WINDBAG Event 12 of 12 randint @@integer 13 | -------------------------------------------------------------------------------- /tests/large/sample/sample: -------------------------------------------------------------------------------- 1 | 2014-01-04 20:00:00 WINDBAG Event 1 of 12 randint @@integer 2 | 2014-01-04 20:00:01 WINDBAG Event 2 of 12 randint @@integer 3 | 2014-01-04 20:00:02 WINDBAG Event 3 of 12 randint @@integer 4 | 2014-01-04 20:00:03 WINDBAG Event 4 of 12 randint @@integer 5 | 2014-01-04 20:00:03 WINDBAG Event 5 of 12 randint @@integer 6 | 2014-01-04 20:00:04 WINDBAG Event 6 of 12 randint @@integer 7 | 2014-01-04 20:00:05 WINDBAG Event 7 of 12 randint @@integer 8 | 2014-01-04 20:00:06 WINDBAG Event 8 of 12 randint @@integer 9 | 2014-01-04 20:00:08 WINDBAG Event 9 of 12 randint @@integer 10 | 2014-01-04 20:00:20 WINDBAG Event 10 of 12 randint @@integer 11 | 2014-01-04 20:00:21 
WINDBAG Event 11 of 12 randint @@integer 12 | 2014-01-04 20:00:21 WINDBAG Event 12 of 12 randint @@integer 13 | -------------------------------------------------------------------------------- /tests/large/sample/sample1: -------------------------------------------------------------------------------- 1 | 2014-01-04 20:00:00 WINDBAG Event 1 of 12 randint @@integer 2 | 2014-01-04 20:00:01 WINDBAG Event 2 of 12 randint @@integer 3 | 2014-01-04 20:00:02 WINDBAG Event 3 of 12 randint @@integer 4 | 2014-01-04 20:00:03 WINDBAG Event 4 of 12 randint @@integer 5 | 2014-01-04 20:00:03 WINDBAG Event 5 of 12 randint @@integer 6 | 2014-01-04 20:00:04 WINDBAG Event 6 of 12 randint @@integer 7 | 2014-01-04 20:00:05 WINDBAG Event 7 of 12 randint @@integer 8 | 2014-01-04 20:00:06 WINDBAG Event 8 of 12 randint @@integer 9 | 2014-01-04 20:00:08 WINDBAG Event 9 of 12 randint @@integer 10 | 2014-01-04 20:00:20 WINDBAG Event 10 of 12 randint @@integer 11 | 2014-01-04 20:00:21 WINDBAG Event 11 of 12 randint @@integer 12 | 2014-01-04 20:00:21 WINDBAG Event 12 of 12 randint @@integer 13 | -------------------------------------------------------------------------------- /tests/large/sample/sample2: -------------------------------------------------------------------------------- 1 | 2014-01-04 20:00:00 WINDBAG Event 1 of 12 randint @@integer 2 | 2014-01-04 20:00:01 WINDBAG Event 2 of 12 randint @@integer 3 | 2014-01-04 20:00:02 WINDBAG Event 3 of 12 randint @@integer 4 | 2014-01-04 20:00:03 WINDBAG Event 4 of 12 randint @@integer 5 | 2014-01-04 20:00:03 WINDBAG Event 5 of 12 randint @@integer 6 | 2014-01-04 20:00:04 WINDBAG Event 6 of 12 randint @@integer 7 | 2014-01-04 20:00:05 WINDBAG Event 7 of 12 randint @@integer 8 | 2014-01-04 20:00:06 WINDBAG Event 8 of 12 randint @@integer 9 | 2014-01-04 20:00:08 WINDBAG Event 9 of 12 randint @@integer 10 | 2014-01-04 20:00:20 WINDBAG Event 10 of 12 randint @@integer 11 | 2014-01-04 20:00:21 WINDBAG Event 11 of 12 randint @@integer 12 | 2014-01-04 
20:00:21 WINDBAG Event 12 of 12 randint @@integer 13 | -------------------------------------------------------------------------------- /tests/large/sample/templates/test_jinja_tmpl_advance.j2: -------------------------------------------------------------------------------- 1 | {% for idx in range(large_number) %} 2 | {%- time_slice earliest="1234", latest="2345", count=loop.index, slices="5" -%} 3 | {% if flag %} 4 | {"_time":"{{ time_target_epoch }}", "_raw":"{{ time_target_formatted }} [{{username}}] test jinja template advance, switch={{flag}}, seq: {{loop.index}}/{{large_number}} 5 | this is the 2nd line, seq:{{loop.index}}/{{large_number}} 6 | this is the 3rd line, seq:{{loop.index}}/{{large_number}}"} 7 | {% else %} 8 | {"_time":"{{ time_target_epoch }}", "_raw":"{{ time_target_formatted }} [{{username}}] test jinja template generator, switch={{flag}}, seq: {{loop.index}}/{{large_number}}"} 9 | {% endif %} 10 | {% endfor %} 11 | -------------------------------------------------------------------------------- /tests/large/sample/templates/test_jinja_tmpl_simple.j2: -------------------------------------------------------------------------------- 1 | {% for _ in range(0, large_number) %} 2 | {%- time_now -%} 3 | {"_time":"{{ time_now_epoch }}", "_raw":"{{ time_now_formatted }} test jinja template generator, seq: {{loop.index}}/{{large_number}}"} 4 | {% endfor %} -------------------------------------------------------------------------------- /tests/large/sample/templates_4_test/test_jinja_tmpl_dir.j2: -------------------------------------------------------------------------------- 1 | {% for _ in range(0, large_number) %} 2 | {%- time_now -%} 3 | {"_time":"{{ time_now_epoch }}", "_raw":"{{ time_now_formatted }} test jinja template directory conf, seq: {{loop.index}}/{{large_number}}"} 4 | {% endfor %} -------------------------------------------------------------------------------- /tests/large/sample/timezone.csv: 
-------------------------------------------------------------------------------- 1 | _time,_raw,index,host,source,sourcetype 2 | "2015-08-18 16:28:54,569","2015-08-18T16:28:54,569 INFO streams_utils:24 - utils::readAsJson:: /usr/local/bamboo/itsi-demo/local/splunk/etc/apps/splunk_app_stream/local/apps",_internal,host5.foobar.com,/usr/local/bamboo/itsi-demo/local/splunk/var/log/splunk/splunk_app_stream.log,splunk_app_stream.log 3 | "2015-08-18 16:28:54,568","2015-08-18T16:28:54,568 INFO streams_utils:74 - create dir /usr/local/bamboo/itsi-demo/local/splunk/etc/apps/splunk_app_stream/local/",_internal,host5.foobar.com,/usr/local/bamboo/itsi-demo/local/splunk/var/log/splunk/splunk_app_stream.log,splunk_app_stream.log 4 | "2015-08-18 16:28:52,270","2015-08-18T16:28:52,270 ERROR pid=16324 tid=MainThread file=__init__.py:execute:957 | Execution failed: [HTTP 401] Client is not authenticated",_internal,host5.foobar.com,/usr/local/bamboo/itsi-demo/local/splunk/var/log/splunk/python_modular_input.log,python_modular_input 5 | "2015-08-18 16:28:52,247","2015-08-18T16:28:52,247 INFO pid=16324 tid=MainThread file=__init__.py:execute:906 | Execute called",_internal,host5.foobar.com,/usr/local/bamboo/itsi-demo/local/splunk/var/log/splunk/python_modular_input.log,python_modular_input 6 | -------------------------------------------------------------------------------- /tests/large/splunk/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/tests/large/splunk/__init__.py -------------------------------------------------------------------------------- /tests/large/splunk/appserver/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/tests/large/splunk/appserver/__init__.py 
-------------------------------------------------------------------------------- /tests/large/splunk/appserver/mrsparkle/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/tests/large/splunk/appserver/mrsparkle/__init__.py -------------------------------------------------------------------------------- /tests/large/splunk/appserver/mrsparkle/lib/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/tests/large/splunk/appserver/mrsparkle/lib/__init__.py -------------------------------------------------------------------------------- /tests/large/splunk/appserver/mrsparkle/lib/util.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | 4 | def make_splunkhome_path(*args): 5 | splunk_test_dir = os.path.dirname( 6 | os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) 7 | ) 8 | tests_large_dir = os.path.dirname(splunk_test_dir) 9 | return os.path.join(tests_large_dir, "results", "test_modinput.log") 10 | -------------------------------------------------------------------------------- /tests/large/splunk/clilib/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/tests/large/splunk/clilib/__init__.py -------------------------------------------------------------------------------- /tests/large/splunk/clilib/bundle_paths.py: -------------------------------------------------------------------------------- 1 | import os 2 | 3 | 4 | def make_splunkhome_path(*args): 5 | tests_dir = os.path.dirname( 6 | os.path.dirname(os.path.dirname(os.path.dirname(os.path.abspath(__file__)))) 7 | ) 8 | project_dir = 
os.path.dirname(tests_dir) 9 | return os.path.join(project_dir, "splunk_eventgen", "splunk_app", "lib") 10 | 11 | 12 | def get_slaveapps_base_path(): 13 | pass 14 | -------------------------------------------------------------------------------- /tests/large/splunk/clilib/cli_common.py: -------------------------------------------------------------------------------- 1 | def get(name): 2 | return {} 3 | 4 | 5 | def getMergedConf(name): 6 | return {} 7 | -------------------------------------------------------------------------------- /tests/large/splunk/input.xml: -------------------------------------------------------------------------------- 1 | tiny https://127.0.0.1:8089 fXhJvxJRjP^7Vamh5^ZL^QIH^gdTSbtMzTw71DHdyhvGME5bZdntqBiDy2vDl2WQ6ey1s6EzkU1LT8yU30kS_gNWh5bJjabd2bs0Z6Ab04Gq7F1Buc6vGv0FeGFH /opt/splunk 0 main 2 | -------------------------------------------------------------------------------- /tests/large/splunk/models/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/tests/large/splunk/models/__init__.py -------------------------------------------------------------------------------- /tests/large/splunk/models/app.py: -------------------------------------------------------------------------------- 1 | class App(object): 2 | @classmethod 3 | def get(cls): 4 | pass 5 | -------------------------------------------------------------------------------- /tests/large/splunk/version.py: -------------------------------------------------------------------------------- 1 | __version__ = "7.0.0" 2 | -------------------------------------------------------------------------------- /tests/large/test_extend_index.py: -------------------------------------------------------------------------------- 1 | from utils.splunk_search_util import ( 2 | get_search_response, 3 | get_session_key, 4 | preprocess_search, 5 | run_search, 6 | ) 7 | 8 | 9 | def 
test_extend_index(eventgen_test_helper): 10 | """Test extendIndexes config""" 11 | eventgen_test_helper("eventgen_extend_index.conf").get_events() 12 | 13 | session_key = get_session_key() 14 | search_job_id = run_search( 15 | session_key, preprocess_search("index=main sourcetype=cisco") 16 | ) 17 | test_index_search_job_id = run_search( 18 | session_key, preprocess_search("index=test_*") 19 | ) 20 | main_events = get_search_response(session_key, search_job_id) 21 | test_index_events = get_search_response(session_key, test_index_search_job_id) 22 | assert len(main_events) == 12 23 | assert len(test_index_events) == 12 24 | -------------------------------------------------------------------------------- /tests/large/test_mode_sample_multiprocess.py: -------------------------------------------------------------------------------- 1 | import re 2 | from datetime import datetime 3 | 4 | 5 | def test_mode_sample(eventgen_test_helper): 6 | """Test sample mode with end=1 in multiprocess mode""" 7 | current_datetime = datetime.now() 8 | helper = eventgen_test_helper( 9 | "eventgen_sample_multiprocess.conf", timeout=None, mode="process" 10 | ) 11 | events = helper.get_events() 12 | # assert the event length is the same as sample file size when end = 1 13 | assert len(events) == 12 14 | 15 | pattern = re.compile(r"\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}") 16 | for event in events: 17 | # assert that integer token is replaced 18 | assert "@@integer" not in event 19 | result = pattern.match(event) 20 | assert result is not None 21 | event_datetime = datetime.strptime(result.group(), "%Y-%m-%d %H:%M:%S") 22 | delter_seconds = (event_datetime - current_datetime).total_seconds() 23 | # assert the event time is after (now - earliest) time 24 | assert delter_seconds > -20 25 | -------------------------------------------------------------------------------- /tests/large/test_modular_input.py: -------------------------------------------------------------------------------- 1 | import os 
2 | import sys 3 | 4 | 5 | def test_modular_input(mocker, capsys): 6 | # mock the splunk related module when used in modular input 7 | sys.modules["bundle_paths"] = __import__("splunk.clilib.bundle_paths") 8 | sys.modules["cli_common"] = __import__("splunk.clilib.cli_common") 9 | sys.modules["entity"] = __import__("splunk.entity") 10 | 11 | # eventgen base directory 12 | base_dir = os.path.dirname( 13 | os.path.dirname(os.path.dirname(os.path.abspath(__file__))) 14 | ) 15 | 16 | from splunk_eventgen.splunk_app.bin.modinput_eventgen import Eventgen 17 | 18 | # input xml stream used to start modular input 19 | input_stream_path = os.path.join(base_dir, "tests", "large", "splunk", "input.xml") 20 | 21 | mocker.patch("sys.argv", ["", "--infile", input_stream_path]) 22 | worker = Eventgen() 23 | worker.execute() 24 | 25 | # capture the generated events from std out 26 | captured = capsys.readouterr() 27 | assert "" in captured.out 28 | assert "" in captured.out 29 | assert "" in captured.out 30 | -------------------------------------------------------------------------------- /tests/large/test_output_modinput.py: -------------------------------------------------------------------------------- 1 | import datetime 2 | import os 3 | import re 4 | import subprocess 5 | import time 6 | 7 | from lxml import etree 8 | 9 | file_dir = os.path.abspath(os.path.dirname(__file__)) 10 | 11 | 12 | def now_seconds(): 13 | return round(time.time(), 0) 14 | 15 | 16 | def test_output_plugin_modinput(): 17 | """ 18 | Test modinput output plugin 19 | """ 20 | conf_file = os.path.join(file_dir, "conf", "eventgen_output_modinput.conf") 21 | child = subprocess.Popen( 22 | ["splunk_eventgen", "generate", conf_file], stdout=subprocess.PIPE 23 | ) 24 | all_events = child.communicate()[0].decode("UTF-8") 25 | 26 | parts = all_events.split("") 27 | events = ["" + p for p in parts if p.strip() != ""] 28 | for e in events: 29 | root = etree.fromstring(e) 30 | assert root.tag == "event" 31 | ts = 
root[0] 32 | assert ts.tag == "time" 33 | ts_int = int(ts.text) 34 | assert now_seconds() - ts_int < 30 35 | idx = root[1] 36 | assert idx.tag == "index" 37 | assert idx.text == "main" 38 | src = root[2] 39 | assert src.tag == "source" 40 | assert src.text == "eventgen" 41 | st = root[3] 42 | assert st.tag == "sourcetype" 43 | assert st.text == "eventgen" 44 | h = root[4] 45 | assert h.tag == "host" 46 | assert h.text == "127.0.0.1" 47 | d = root[5] 48 | assert d.tag == "data" 49 | ts_str = datetime.datetime.fromtimestamp(ts_int).strftime("%Y-%m-%d %H:%M:%S") 50 | raw = d.text.strip() 51 | assert raw.startswith(ts_str) 52 | p = re.compile(r"WINDBAG Event (\d+) of 12 randint (\d+)") 53 | m = p.search(raw) 54 | assert m is not None 55 | assert len(m.groups()) == 2 56 | -------------------------------------------------------------------------------- /tests/large/test_output_plugin.py: -------------------------------------------------------------------------------- 1 | from tests.large.utils.splunk_search_util import ( 2 | get_search_response, 3 | get_session_key, 4 | preprocess_search, 5 | run_search, 6 | ) 7 | 8 | 9 | def test_plugin_devnull(eventgen_test_helper): 10 | """Test output plugin devnull""" 11 | events = eventgen_test_helper("eventgen_plugin_devnull.conf").get_events() 12 | # assert the events size is 0 13 | assert len(events) == 0 14 | 15 | 16 | def test_plugin_file(eventgen_test_helper): 17 | """Test output plugin file""" 18 | events = eventgen_test_helper("eventgen_plugin_file.conf").get_events() 19 | # assert the events size is 12 when end = 1 20 | assert len(events) == 12 21 | 22 | 23 | def test_plugin_httpevent(eventgen_test_helper): 24 | """Test output plugin httpevent""" 25 | eventgen_test_helper("eventgen_plugin_httpevent.conf").get_events() 26 | 27 | session_key = get_session_key() 28 | search_job_id = run_search( 29 | session_key, preprocess_search("index=main sourcetype=httpevent") 30 | ) 31 | events = get_search_response(session_key, 
search_job_id) 32 | assert len(events) == 12 33 | 34 | 35 | def test_plugin_s2s(eventgen_test_helper): 36 | """Test output plugin s2s""" 37 | eventgen_test_helper("eventgen_plugin_s2s.conf").get_events() 38 | session_key = get_session_key() 39 | search_job_id = run_search( 40 | session_key, preprocess_search("index=main sourcetype=s2s") 41 | ) 42 | events = get_search_response(session_key, search_job_id) 43 | assert len(events) == 12 44 | 45 | 46 | def test_plugin_splunkstream(eventgen_test_helper): 47 | """Test output plugin splunkstream""" 48 | eventgen_test_helper( 49 | "eventgen_plugin_splunkstream.conf", env={"PYTHONHTTPSVERIFY": "0"}  # env sets PYTHONHTTPSVERIFY=0, presumably to turn off HTTPS certificate verification for this run against the test Splunk instance; confirm how the helper applies env
50 | ).get_events() 51 | session_key = get_session_key() 52 | search_job_id = run_search( 53 | session_key, preprocess_search("index=main sourcetype=splunkstream") 54 | ) 55 | events = get_search_response(session_key, search_job_id) 56 | assert len(events) == 12 57 | 58 | 59 | def test_plugin_spool(eventgen_test_helper): 60 | """Test output plugin spool""" 61 | events = eventgen_test_helper("eventgen_plugin_spool.conf").get_events() 62 | assert len(events) == 12 63 | -------------------------------------------------------------------------------- /tests/large/test_perdayvolume.py: -------------------------------------------------------------------------------- 1 | from pytest import mark 2 | 3 | 4 | def calculate_perdayvolume(events, runtime, interval=60): 5 | # Calculate expected data volume output (GB) if run for 24 hours; NOTE(review): the fixed 60 * 24 factor below presumably assumes the default interval=60 and is not adjusted when another interval is passed, confirm 6 | # Get the integer # of intervals, data is only generated on completion of an interval; NOTE(review): num_intervals is 0 when runtime < interval, so the final division would raise ZeroDivisionError 7 | num_intervals = runtime // interval 8 | event_volume = sum([len(event) for event in events]) 9 | total_volume = event_volume / 1024 / 1024 / 1024 * 60 * 24 10 | perdayvolume = total_volume / num_intervals 11 | return perdayvolume 12 | 13 | 14 | @mark.parametrize( 15 | ("conf_filename", "execution_timeout", "perdayvolume"), 16 | [ 17 | ("eventgen_perdayvolume.conf", 300, 1), 18 |
("eventgen_perdayvolume_small_token.conf", 300, 1), 19 | ("eventgen_perdayvolume_large_token.conf", 300, 1), 20 | ], 21 | ) 22 | def test_perdayvolume( 23 | eventgen_test_helper, conf_filename, execution_timeout, perdayvolume 24 | ): 25 | # Test accuracy of small volume target with no token replacements 26 | # TODO: using outputMode=file for now, test helper unable to collect all generated events w/ outputMode=stdout 27 | events = eventgen_test_helper(conf_filename, execution_timeout).get_events() 28 | assert ( 29 | 0.98 < (calculate_perdayvolume(events, execution_timeout) / perdayvolume) < 1.02 30 | ) 31 | -------------------------------------------------------------------------------- /tests/large/utils/__init__.py: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/tests/large/utils/__init__.py -------------------------------------------------------------------------------- /tests/medium/plugins/test_file_output.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # encoding: utf-8 3 | 4 | import os 5 | import sys 6 | 7 | from mock import patch 8 | 9 | from splunk_eventgen.__main__ import parse_args 10 | from splunk_eventgen.eventgen_core import EventGenerator 11 | 12 | FILE_DIR = os.path.dirname(os.path.abspath(__file__)) 13 | 14 | 15 | class TestFileOutputPlugin(object): 16 | def test_output_data_to_file(self): 17 | configfile = os.path.join( 18 | FILE_DIR, 19 | "..", 20 | "..", 21 | "sample_eventgen_conf", 22 | "medium_test", 23 | "eventgen.conf.fileoutput", 24 | ) 25 | testargs = ["eventgen", "generate", configfile] 26 | with patch.object(sys, "argv", testargs): 27 | pargs = parse_args() 28 | assert pargs.subcommand == "generate" 29 | assert pargs.configfile == configfile 30 | eventgen = EventGenerator(args=pargs) 31 | eventgen.start() 32 | 33 | file_output_path = 
os.path.abspath( 34 | os.path.join(FILE_DIR, "..", "..", "..", "test_file_output.result") 35 | ) 36 | assert os.path.isfile(file_output_path) 37 | with open(file_output_path, "r") as outfile: 38 | line_count = 1 39 | for output_line in outfile: 40 | if not output_line or line_count == 6: 41 | break 42 | assert "WINDBAG Event {} of 5".format(line_count) in output_line 43 | line_count += 1 44 | 45 | # tear down 46 | if os.path.isfile(file_output_path): 47 | os.remove(file_output_path) 48 | -------------------------------------------------------------------------------- /tests/medium/plugins/test_jinja_generator.py: -------------------------------------------------------------------------------- 1 | import os 2 | import sys 3 | 4 | from mock import patch 5 | 6 | from splunk_eventgen.__main__ import parse_args 7 | from splunk_eventgen.eventgen_core import EventGenerator 8 | 9 | FILE_DIR = os.path.dirname(os.path.abspath(__file__)) 10 | OUTPUT_FILE = "test_jinja_generator_file_output.result" 11 | 12 | 13 | class TestJinjaGenerator(object): 14 | def test_jinja_generator_to_file(self): 15 | configfile = os.path.join( 16 | FILE_DIR, 17 | "..", 18 | "..", 19 | "sample_eventgen_conf", 20 | "jinja", 21 | "eventgen.conf.jinja_basic", 22 | ) 23 | testargs = ["eventgen", "generate", configfile] 24 | file_output_path = os.path.abspath( 25 | os.path.join(FILE_DIR, "..", "..", "..", OUTPUT_FILE) 26 | ) 27 | # remove the result file if it exists 28 | if os.path.exists(file_output_path): 29 | os.remove(file_output_path) 30 | 31 | with patch.object(sys, "argv", testargs): 32 | pargs = parse_args() 33 | assert pargs.subcommand == "generate" 34 | assert pargs.configfile == configfile 35 | eventgen = EventGenerator(args=pargs) 36 | eventgen.start() 37 | 38 | assert os.path.isfile(file_output_path) 39 | 40 | with open(file_output_path, "r") as outfile: 41 | line_count = 1 42 | for output_line in outfile: 43 | if not output_line or line_count == 11: 44 | break 45 | assert "I like little 
windbags" in output_line 46 | assert "Im at: {0} out of: 10".format(line_count) in output_line 47 | line_count += 1 48 | 49 | # tear down 50 | if os.path.isfile(file_output_path): 51 | os.remove(file_output_path) 52 | -------------------------------------------------------------------------------- /tests/medium/plugins/test_scs_output.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # encoding: utf-8 3 | 4 | import os 5 | import sys 6 | 7 | from mock import MagicMock, patch 8 | 9 | from splunk_eventgen.__main__ import parse_args 10 | from splunk_eventgen.eventgen_core import EventGenerator 11 | from splunk_eventgen.lib.plugins.output.scsout import SCSOutputPlugin 12 | 13 | FILE_DIR = os.path.dirname(os.path.abspath(__file__)) 14 | 15 | 16 | class TestSCSOutputPlugin(object): 17 | def test_output_data_to_scs(self): 18 | configfile = "tests/sample_eventgen_conf/medium_test/eventgen.conf.scsoutput" 19 | testargs = ["eventgen", "generate", configfile] 20 | with patch.object(sys, "argv", testargs): 21 | pargs = parse_args() 22 | assert pargs.subcommand == "generate" 23 | assert pargs.configfile == configfile 24 | eventgen = EventGenerator(args=pargs) 25 | with patch("requests_futures.sessions.FuturesSession.post"): 26 | sample = MagicMock() 27 | scsoutput = SCSOutputPlugin(sample) 28 | 29 | eventgen.start() 30 | scsoutput.session.post.assert_called() 31 | assert scsoutput.session.post.call_count == 1 32 | -------------------------------------------------------------------------------- /tests/medium/plugins/test_syslog_output.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python3 2 | # encoding: utf-8 3 | 4 | import os 5 | import sys 6 | 7 | from mock import MagicMock, patch 8 | 9 | from splunk_eventgen.__main__ import parse_args 10 | from splunk_eventgen.eventgen_core import EventGenerator 11 | from splunk_eventgen.lib.plugins.output.syslogout 
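import SyslogOutOutputPlugin

FILE_DIR = os.path.dirname(os.path.abspath(__file__))


class TestSyslogOutputPlugin(object):
    def test_output_data_to_syslog(self):
        """Run the syslogoutput sample config and check the five WINDBAG events were logged.

        logging.getLogger is patched for the whole run, so loggers obtained
        inside the block are mocks and their info() calls can be inspected.
        """
        configfile = "tests/sample_eventgen_conf/medium_test/eventgen.conf.syslogoutput"
        testargs = ["eventgen", "generate", configfile]
        with patch.object(sys, "argv", testargs):
            with patch("logging.getLogger"):
                pargs = parse_args()
                assert pargs.subcommand == "generate"
                assert pargs.configfile == configfile
                eventgen = EventGenerator(args=pargs)

                sample = MagicMock()
                sample.name = "test"
                sample.syslogDestinationHost = "127.0.0.1"
                sample.syslogDestinationPort = 9999
                # presumably syslogoutput._l is the mocked logger -- confirm in syslogout.py
                syslogoutput = SyslogOutOutputPlugin(sample)

                eventgen.start()
                recorded = [str(call) for call in syslogoutput._l.info.call_args_list]
                for i in range(1, 6):
                    expected = "WINDBAG Event {} of 5".format(i)
                    # Name the missing event instead of failing with a bare `assert False`.
                    assert any(expected in entry for entry in recorded), (
                        "{!r} not found in the recorded info() calls".format(expected)
                    )
-------------------------------------------------------------------------------- /tests/medium/plugins/test_syslog_output_with_header.py: -------------------------------------------------------------------------------- 1 | #!/usr/bin/env python 2 | # encoding: utf-8 3 | 4 | import os 5 | import sys 6 | 7 | from mock import MagicMock, patch 8 | 9 | from splunk_eventgen.__main__ import parse_args 10 | from splunk_eventgen.eventgen_core import EventGenerator 11 | from splunk_eventgen.lib.plugins.output.syslogout import SyslogOutOutputPlugin 12 | 13 | FILE_DIR = os.path.dirname(os.path.abspath(__file__)) 14 | 15 | 16 | class TestSyslogOutputWithHeaderPlugin(object): 17 | def test_output_data_to_syslog_with_header(self): 18 | configfile = "tests/sample_eventgen_conf/medium_test/eventgen.conf.syslogoutputwithheader" 19 | testargs = ["eventgen", "generate", configfile] 20 | with patch.object(sys, "argv", testargs): 21 | with patch("logging.getLogger"): 22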
| pargs = parse_args() 23 | assert pargs.subcommand == "generate" 24 | assert pargs.configfile == configfile 25 | eventgen = EventGenerator(args=pargs) 26 | 27 | sample = MagicMock() 28 | sample.name = "test" 29 | sample.syslogDestinationHost = "127.0.0.1" 30 | sample.syslogDestinationPort = 9999 31 | syslogoutput = SyslogOutOutputPlugin(sample) 32 | 33 | eventgen.start() 34 | for i in range(1, 6): 35 | appearance = False 36 | for logger_call in syslogoutput._l.info.call_args_list: 37 | if "WINDBAG Event {} of 5".format(i) in str(logger_call): 38 | appearance = True 39 | if not appearance: 40 | assert False 41 |
--------------------------------------------------------------------------------
/tests/medium/plugins/test_tcp_output.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
# encoding: utf-8

import os
import sys

from mock import MagicMock, patch

from splunk_eventgen.__main__ import parse_args
from splunk_eventgen.eventgen_core import EventGenerator
from splunk_eventgen.lib.plugins.output.tcpout import TcpOutputPlugin

FILE_DIR = os.path.dirname(os.path.abspath(__file__))


class TestTcpOutputPlugin(object):
    def test_output_data_to_tcp_port(self):
        """Run the tcpoutput sample config with socket.socket patched.

        Passes when connect() was last called with ("127.0.0.1", 9999) and
        send() was called five times on the plugin's socket attribute `s`.
        """
        configfile = "tests/sample_eventgen_conf/medium_test/eventgen.conf.tcpoutput"
        testargs = ["eventgen", "generate", configfile]
        with patch.object(sys, "argv", testargs):
            pargs = parse_args()
            assert pargs.subcommand == "generate"
            assert pargs.configfile == configfile
            eventgen = EventGenerator(args=pargs)

            # socket.socket stays patched for the whole run; presumably the plugin
            # creates its socket through it, so no real connection is opened -- confirm.
            with patch("socket.socket") as mock_requests:
                sample = MagicMock()
                tcpoutput = TcpOutputPlugin(sample)
                # NOTE(review): the attributes set on the patched class below and
                # post_resp are not read by the assertions, which inspect
                # tcpoutput.s; they look like leftovers from an HTTP test -- confirm.
                mock_requests.send = MagicMock()
                mock_requests.connect = MagicMock()
                post_resp = MagicMock()
                post_resp.raise_for_status = MagicMock()
                mock_requests.post.return_value = MagicMock()
                mock_requests.connect.return_value = True

                eventgen.start()
                tcpoutput.s.connect.assert_called_with(("127.0.0.1", 9999))
                assert tcpoutput.s.send.call_count == 5
--------------------------------------------------------------------------------
/tests/medium/plugins/test_udp_output.py:
--------------------------------------------------------------------------------
#!/usr/bin/env python3
# encoding: utf-8

import os
import sys

from mock import MagicMock, patch

from splunk_eventgen.__main__ import parse_args
from splunk_eventgen.eventgen_core import EventGenerator
from splunk_eventgen.lib.plugins.output.udpout import UdpOutputPlugin

FILE_DIR = os.path.dirname(os.path.abspath(__file__))


class TestUdpOutputPlugin(object):
    def test_output_data_to_udp_port(self):
        """Run the udpoutput sample config with socket.socket patched.

        Passes when connect() was never called and sendto() was called five
        times on the plugin's socket attribute `s`.
        """
        configfile = "tests/sample_eventgen_conf/medium_test/eventgen.conf.udpoutput"
        testargs = ["eventgen", "generate", configfile]
        with patch.object(sys, "argv", testargs):
            pargs = parse_args()
            assert pargs.subcommand == "generate"
            assert pargs.configfile == configfile
            eventgen = EventGenerator(args=pargs)

            # socket.socket stays patched for the whole run; presumably the plugin
            # creates its socket through it, so no datagram is really sent -- confirm.
            with patch("socket.socket") as mock_requests:
                sample = MagicMock()
                udpoutput = UdpOutputPlugin(sample)
                # NOTE(review): as in the TCP test, this setup on the patched class
                # and post_resp are not read by the assertions below -- confirm.
                mock_requests.sendto = MagicMock()
                mock_requests.connect = MagicMock()
                post_resp = MagicMock()
                post_resp.raise_for_status = MagicMock()
                mock_requests.post.return_value = MagicMock()

                eventgen.start()
                assert not udpoutput.s.connect.called
                assert udpoutput.s.sendto.call_count == 5
--------------------------------------------------------------------------------
/tests/perf/eventgen.conf.test1:
--------------------------------------------------------------------------------
[windbag]
sampleDir = ../../splunk_eventgen/samples
generator = windbag
outputMode = httpevent
httpeventServers = {"servers":[{
"protocol":"https", "address":"", "port":"", "key":""}]} 6 | index = eg 7 | sourcetype = eventgen-6 8 | source = eg6.log 9 | host = localhost 10 | threading = process 11 | 12 | # Increase the perDayVolume until the output queue backs up 13 | perDayVolume = 14 | -------------------------------------------------------------------------------- /tests/perf/eventgen.conf.test2: -------------------------------------------------------------------------------- 1 | [windbag] 2 | sampleDir = ../../splunk_eventgen/samples 3 | outputMode = httpevent 4 | httpeventServers = {"servers":[{ "protocol":"https", "address":"", "port":"", "key":""}]} 5 | index = eg 6 | sourcetype = eventgen-6 7 | source = eg6.log 8 | host = localhost 9 | threading = process 10 | 11 | # Increase the perDayVolume until the output queue backs up 12 | perDayVolume = 13 | 14 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 15 | token.0.replacementType = timestamp 16 | token.0.replacement = %Y-%m-%d %H:%M:%S 17 | -------------------------------------------------------------------------------- /tests/perf/eventgen.conf.test3: -------------------------------------------------------------------------------- 1 | [windbag-5-tokens] 2 | sampleDir = ./samples 3 | outputMode = httpevent 4 | httpeventServers = {"servers":[{ "protocol":"https", "address":"", "port":"", "key":""}]} 5 | index = eg 6 | sourcetype = eventgen-6 7 | source = eg6.log 8 | host = localhost 9 | threading = process 10 | 11 | # Increase the perDayVolume until the output queue backs up 12 | perDayVolume = 13 | 14 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 15 | token.0.replacementType = timestamp 16 | token.0.replacement = %Y-%m-%d %H:%M:%S 17 | 18 | token.1.token = @@int1 19 | token.1.replacementType = random 20 | token.1.replacement = integer[0:9] 21 | 22 | token.2.token = @@int2 23 | token.2.replacementType = random 24 | token.2.replacement = integer[0:9] 25 | 26 | token.3.token = @@int3 27 | token.3.replacementType = random 28 | 
token.3.replacement = integer[0:9] 29 | 30 | token.4.token = \d{2}:\d{2}:\d{2} 31 | token.4.replacementType = timestamp 32 | token.4.replacement = %H:%M:%S 33 | -------------------------------------------------------------------------------- /tests/perf/samples/windbag-5-tokens: -------------------------------------------------------------------------------- 1 | 2014-01-04 20:54:34 WINDBAG Event 1 of 5 @@int1 @@int2 @@int3 20:54:34 2 | 2014-01-04 20:54:35 WINDBAG Event 2 of 5 @@int1 @@int2 @@int3 20:54:34 3 | 2014-01-04 20:54:36 WINDBAG Event 3 of 5 @@int1 @@int2 @@int3 20:54:34 4 | 2014-01-04 20:54:37 WINDBAG Event 4 of 5 @@int1 @@int2 @@int3 20:54:34 5 | 2014-01-04 20:54:38 WINDBAG Event 5 of 5 @@int1 @@int2 @@int3 20:54:34 -------------------------------------------------------------------------------- /tests/sample_bundle.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/tests/sample_bundle.zip -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/autotimestamp/eventgen.conf.autotimestamp: -------------------------------------------------------------------------------- 1 | [replay] 2 | sampleDir = ../replay 3 | mode = sample 4 | timeMultiple = 2 5 | autotimestamp = true 6 | end = 1 7 | 8 | outputMode = stdout 9 | index = main 10 | sourcetype = windbag 11 | source = windbag.log 12 | host = localhost 13 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/backfill/eventgen.conf.backfillend: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | outputMode = stdout 4 | count = 10 5 | earliest = now 6 | latest = now 7 | interval = 1 8 | randomizeEvents = true 9 | backfill = -15m 10 | end = 3 11 | 12 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 13 | 
token.0.replacementType = timestamp
token.0.replacement = %Y-%m-%d %H:%M:%S
--------------------------------------------------------------------------------
/tests/sample_eventgen_conf/backfill/eventgen.conf.backfillreplay:
--------------------------------------------------------------------------------
[replay]
sampleDir = ../replay
generator = replay
timeMultiple = 2
backfill = -15m
end = 3
interval=0

outputMode = stdout
index = main
sourcetype = windbag
source = windbag.log
host = localhost
# NOTE(review): splunkUser/splunkPass hold the widely known admin/changeme pair.
# With outputMode = stdout these settings are presumably unused -- confirm, and
# drop them or keep them out of any config aimed at a real Splunk instance.
splunkHost = host3.foobar.com
splunkPort = 10089
splunkUser = admin
splunkPass = changeme

token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
token.0.replacementType = replaytimestamp
token.0.replacement = %Y-%m-%d %H:%M:%S
--------------------------------------------------------------------------------
/tests/sample_eventgen_conf/backfill/eventgen.conf.backfillsample:
--------------------------------------------------------------------------------
[sample]
sampleDir = ../sample
outputMode = stdout
count = 10
earliest = now
latest = now
interval = 1
randomizeEvents = true
backfill = -15m
end = 3

token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}
token.0.replacementType = timestamp
token.0.replacement = %Y-%m-%d %H:%M:%S
--------------------------------------------------------------------------------
/tests/sample_eventgen_conf/breakersample/breakersample:
--------------------------------------------------------------------------------
20110414114247.083068
PercentProcessorTime=@@proc_time
PercentUserTime=37
wmi_type=CPUTime

20110414114247.083068
PercentProcessorTime=100
PercentUserTime=37
wmi_type=CPUTime
--------------------------------------------------------------------------------
/tests/sample_eventgen_conf/breakersample/eventgen.conf.breakersample:
-------------------------------------------------------------------------------- 1 | [breakersample] 2 | sampleDir = . 3 | outputMode = stdout 4 | count = 3 5 | earliest = -3s 6 | latest = now 7 | interval = 3 8 | breaker = ^\d{14}\.\d{6} 9 | end = 3 10 | 11 | token.0.token = ^(\d{14})\.\d{6} 12 | token.0.replacementType = timestamp 13 | token.0.replacement = %Y%m%d%H%M%S 14 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/breakersample/eventgen.conf.randombreakersample: -------------------------------------------------------------------------------- 1 | [breakersample] 2 | sampleDir = . 3 | outputMode = stdout 4 | count = 3 5 | earliest = -3s 6 | latest = now 7 | interval = 3 8 | breaker = ^\d{14}\.\d{6} 9 | randomizeEvents = true 10 | end = 3 11 | 12 | token.0.token = ^(\d{14})\.\d{6} 13 | token.0.replacementType = timestamp 14 | token.0.replacement = %Y%m%d%H%M%S 15 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/bundlelines/csv: -------------------------------------------------------------------------------- 1 | index,host,source,sourcetype,"_raw" 2 | "main","csharp-mbp15.local","windbag.log",windbag,"2014-01-04 20:54:34 WINDBAG Event 1 of 5" 3 | "main","csharp-mbp15.local","windbag.log",windbag,"2014-01-04 20:54:35 WINDBAG Event 2 of 5" 4 | "main","csharp-mbp15.local","windbag.log",windbag,"2014-01-04 20:54:36 WINDBAG Event 3 of 5" 5 | "main","csharp-mbp15.local","windbag.log",windbag,"2014-01-04 20:54:37 WINDBAG Event 4 of 5" 6 | "main","csharp-mbp15.local","windbag.log",windbag,"2014-01-04 20:54:38 WINDBAG Event 5 of 5" -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/bundlelines/eventgen.conf.bundlelinescsv: -------------------------------------------------------------------------------- 1 | [csv] 2 | sampleDir = . 
3 | outputMode = stdout 4 | count = 3 5 | earliest = -3s 6 | latest = now 7 | interval = 3 8 | bundlelines = true 9 | sampletype = csv 10 | end = 3 11 | 12 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 13 | token.0.replacementType = timestamp 14 | token.0.replacement = %Y-%m-%d %H:%M:%S 15 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/bundlelines/eventgen.conf.bundlelinesraw: -------------------------------------------------------------------------------- 1 | [raw] 2 | sampleDir = . 3 | outputMode = stdout 4 | count = 3 5 | earliest = -3s 6 | latest = now 7 | interval = 3 8 | bundlelines = true 9 | end = 3 10 | 11 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 12 | token.0.replacementType = timestamp 13 | token.0.replacement = %Y-%m-%d %H:%M:%S 14 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/bundlelines/raw: -------------------------------------------------------------------------------- 1 | 2014-01-04 20:54:34 WINDBAG Event 1 of 5 2 | 2014-01-04 20:54:35 WINDBAG Event 2 of 5 3 | 2014-01-04 20:54:36 WINDBAG Event 3 of 5 4 | 2014-01-04 20:54:37 WINDBAG Event 4 of 5 5 | 2014-01-04 20:54:38 WINDBAG Event 5 of 5 -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/eventgen.conf.test1: -------------------------------------------------------------------------------- 1 | [weblog.sample] 2 | mode = sample 3 | sampletype = csv 4 | outputMode = file 5 | fileName = tests/weblog.out 6 | fileMaxBytes = 10485760000 7 | interval = 3 8 | earliest = -3s 9 | latest = now 10 | count = 800 11 | randomizeCount = 0.33 12 | randomizeEvents = true 13 | backfill = -10m 14 | 15 | # replace timestamp 16 | token.0.token = \d{1,2}/\w{3}/\d{4}\s\d{2}:\d{2}:\d{2}:\d{1,3} 17 | token.0.replacementType = timestamp 18 | token.0.replacement = %d/%b/%Y %H:%M:%S:%f 19 | 20 | # replace client IP 21 | 
token.1.token = (XXXXXXXXXX)
token.1.replacementType = file
token.1.replacement = samples/external_ips.sample

# replace server name
token.2.token = (YYYYYYYYYY)
token.2.replacementType = file
token.2.replacement = tests/test1/webhosts.sample

# replace product ID
token.3.token = (AAAAAAAAAA)
token.3.replacementType = file
token.3.replacement = tests/test1/products.sample

# replace item ID
token.4.token = (BBBBBBBBBB)
token.4.replacementType = file
token.4.replacement = tests/test1/items.sample

# replace category ID
token.5.token = (CCCCCCCCCC)
token.5.replacementType = file
token.5.replacement = tests/test1/categories.sample

# replace user agent string
token.6.token = (DDDDDDDDDD)
token.6.replacementType = file
token.6.replacement = tests/test1/useragents.sample

# replace action string
token.7.token = (EEEEEEEEEE)
token.7.replacementType = file
token.7.replacement = tests/test1/shoppingactions.sample

# replace status
token.8.token = (FFFFFFFFFF)
token.8.replacementType = file
token.8.replacement = tests/test1/webserverstatus.sample

# replace size
token.9.token = (GGGGGGGGGG)
token.9.replacementType = random
token.9.replacement = integer[200:4000]

# replace time taken
token.10.token = (HHHHHHHHHH)
token.10.replacementType = random
token.10.replacement = integer[100:1000]
--------------------------------------------------------------------------------
/tests/sample_eventgen_conf/httpevent/eventgen.conf.httpevent:
--------------------------------------------------------------------------------
[windbag]
generator = windbag
earliest = -3s
latest = now
interval = 3
count = 5
end = 3
outputMode = httpevent
# NOTE(review): "key" is a GUID-shaped value, presumably an HTTP Event Collector
# token, committed in clear text. The target is 127.0.0.1, so it looks like a
# fixture -- confirm it was never issued by a real input; an obviously fake
# value would also stop secret scanners from flagging this file.
httpeventServers = {"servers":[{ "protocol":"https", "address":"127.0.0.1", "port":"8088", "key":"8d5ab52c-3759-49e3-b66a-5213ce525692"}]}
--------------------------------------------------------------------------------
/tests/sample_eventgen_conf/jinja/eventgen.conf.jinja:
--------------------------------------------------------------------------------
[test_jinja]
end = 1
count = 1
generator = jinja
jinja_template_dir = templates
jinja_target_template = test_jinja.template
jinja_variables = {"large_number":50000}
earliest = -3s
latest = now
outputMode = modinput

[test_jinja_loop]
end = 1
count = 5
generator = jinja
jinja_template_dir = templates
jinja_target_template = test_jinja_loop.template
jinja_variables = {"large_number":1000}
earliest = -3s
latest = now
outputMode = modinput

[test_jinja_timeslice]
end = 1
generator = jinja
jinja_template_dir = templates
jinja_target_template = test_jinja_timeslice.template
jinja_variables = {"large_number":1000}
earliest = -3s
latest = now
outputMode = modinput
--------------------------------------------------------------------------------
/tests/sample_eventgen_conf/jinja/eventgen.conf.jinja_basic:
--------------------------------------------------------------------------------
[Test_Jinja]
end = 1
count = 1
generator = jinja
sampleDir = .
6 | jinja_template_dir = templates 7 | jinja_target_template = test_jinja_basic.template 8 | jinja_variables = {"large_number":10} 9 | earliest = -3s 10 | latest = now 11 | outputMode = file 12 | fileName = test_jinja_generator_file_output.result 13 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/eventgen.conf.jinja_example: -------------------------------------------------------------------------------- 1 | [Advanced_Jinja] 2 | end = 1 3 | count = 1 4 | interval = 3 5 | generator = jinja 6 | jinja_template_dir = templates 7 | jinja_target_template = test_jinja_advanced.template 8 | jinja_variables = {"large_number":10, "userIDRange": 500, "userMessage": "mockMessage", "sender": "mockSender"} 9 | earliest = -3s 10 | latest = now 11 | outputMode = stdout 12 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/eventgen.conf.jinja_time_examples: -------------------------------------------------------------------------------- 1 | [Test_Jinja_TimeExamples] 2 | end = 1 3 | count = 1 4 | generator = jinja 5 | jinja_template_dir = templates 6 | jinja_target_template = test_jinja_timeexamples.template 7 | jinja_variables = {"large_number":10} 8 | earliest = -3s 9 | latest = now 10 | outputMode = stdout 11 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/CxlRejReason.template: -------------------------------------------------------------------------------- 1 | {% set errors = [("0", "Too late to cancel", 1), ("1", "Unknown Order", 1), ("2", "Broker / Exchange Option", 5), ("99", "Other", 2)] -%} 2 | {% set elist = [] -%} 3 | {% for id, msg, pri in errors -%} 4 | {% for _ in range(0, pri) %} 5 | {% do elist.append((id, msg)) -%} 6 | {% endfor -%} 7 | {% endfor -%} 8 | 9 | {% set reason = elist | random %} 10 | 11 | {{ reason }} 
-------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/OrdRejReason_103.template: -------------------------------------------------------------------------------- 1 | {% set errors = [("0", "Broker option", 5), ("1", "Unknown Symbol", 1), ("3", "Order exceeds limit", 1), ("7", "Duplicate of verbally committed order", 1), ("8", "Stale order", 2)] -%} 2 | {% set elist = [] -%} 3 | {% for id, msg, pri in errors -%} 4 | {% for _ in range(0, pri) %} 5 | {% do elist.append((id, msg)) -%} 6 | {% endfor -%} 7 | {% endfor -%} 8 | 9 | {% set reason = elist | random %} 10 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/count_test.template: -------------------------------------------------------------------------------- 1 | {% set events = 3 -%} <-- pass 2 | {% set slices = 20 -%} <-- pass 3 | {% set max = slices // events -%} 4 | 5 | {% set crange = [] -%} 6 | {% for _ in range(0, events) %} 7 | {% set minr = max*loop.index0+1 -%} 8 | {% set maxr = max*loop.index -%} 9 | {% do crange.append((minr, maxr)) -%} 10 | {% endfor %} 11 | 12 | {% set cyc = cycler(crange) -%} 13 | 14 | {% for _ in range(0, events) %} 15 | {% set newct = range(crange[1][0], crange[1][1], 1) | random -%} 16 | {"_time":"{{ time_target_epoch }}", "_raw":"{{ newct }}"} 17 | {% endfor %} 18 | 19 | 20 | 21 | {# 22 | {{ range(max*loop.index0+1) :: range(max*loop.index)}} 23 | 24 | 25 | 20 // 3 = 6 26 | 27 | 1, max (1) 28 | 7,12 (2) 29 | 13,18 (3) <- loop.index 30 | 31 | 40 // 3 = 39 / 3 = 13 32 | 33 | 1 , 13 34 | 14 , 26 35 | 27, 39 36 | 37 | 38 | max * li0 (0) + 1 = 1 || max * li (1) = 6 39 | max * li0 (1) + 1 = 7 || max * li (2) = 12 40 | max * li0 (2) + 1 = 13 || max * li (3) = 18 41 | max * li0 (3) + 1 = 19|| max * li (4) =24 42 | 43 | 44 | 45 | range(max*loop.index0+1) 46 | #} -------------------------------------------------------------------------------- 
/tests/sample_eventgen_conf/jinja/templates/examples/test_jinja_advanced.template: -------------------------------------------------------------------------------- 1 | {% with %} 2 | {% import 'fix_includes.template' as fixinc %} 3 | {% include "order_over_max2.template" %} 4 | {%- time_now -%} 5 | {"_time":"{{ time_now_epoch }}", "_raw":"8=FIX.4.29=14735=D34=3949={{fixinc.ACCOUNTS[0]}}52=20120404-20:05:46.11356={{fixinc.LOCAL}}1={{fixinc.ACCOUNTS[1]}}11={{fixinc.CLORDID}}38={{fixinc.ORDQTYM}}40=144={{fixinc.PRICE}}47=A54={{fixinc.SIDE}}55={{fixinc.SYMBOLS[0]}}167=FUT200=201206204=0207=BTEX10=184", "source": "user", "sourcetype": "userEvent" } 6 | {%- time_now -%} 7 | {"_time":"{{ time_now_epoch }}", "_raw":"8=FIX.4.29=0041635=849={{fixinc.LOCAL}}56={{fixinc.ACCOUNTS[0] }}50=BTORD{{fixinc.ACCOUNTS[1]}}57=NONE34=6152=20120404-20:05:46.11555={{fixinc.SYMBOLS[0]}}48=BTRD062012167=FUT207=BTEX15=USD1={{fixinc.ACCOUNTS[1]}}47=A204=011={{fixinc.CLORDID}}37={{fixinc.ORDID}}17={{fixinc.EXECID}}58=From Gateway: BT0Q33 > BTEQ33 over max qty200=201206103=0151=014=054={{fixinc.SIDE}}40=177=O59=0150=820=039=8442=144={{fixinc.PRICE}}38={{fixinc.ORDQTYM}}6=060=20120404-20:05:46.115146=010=056", "source": "user", "sourcetype": "userEvent" } 8 | {% endwith %} -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/examples/test_jinja_advanced_extension.template: -------------------------------------------------------------------------------- 1 | {% block head -%} 2 | {"_time": "MockTimeBlock", "_raw": "If you see this, you successfully imported another jinja template."} 3 | {%- endblock -%} -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/examples/trans_jinja.template: -------------------------------------------------------------------------------- 1 | {% for _ in range(0, large_number) %} 2 | {%- time_now -%} 3 | {"_time":"{{ 
time_now_epoch }}", "_raw":"{{ time_now_formatted }} {{ LOCAL|random }} {{ large_number }} " } 4 | {"_time":"{{ time_now_epoch }}", "_raw":"{{ time_now_formatted }} {{ LOCAL|random }} {{ large_number }} " } 5 | {"_time":"{{ time_now_epoch }}", "_raw":"{{ time_now_formatted }} {{ LOCAL|random }} {{ large_number }} " } 6 | {"_time":"{{ time_now_epoch }}", "_raw":"{{ time_now_formatted }} {{ LOCAL|random }} {{ large_number }} " } 7 | {% endfor %} -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/fix_includes.template: -------------------------------------------------------------------------------- 1 | {% macro r_int() -%}{% for n in [0,1,2,3,4,5] %}{{ [0,1,2,3,4,5,6,7,8,9]|random }}{% endfor %}{%- endmacro -%} 2 | 3 | {% macro guid() -%}{{ [r_int(),r_int(),r_int(),r_int(),r_int()]|join('-')}}{%- endmacro -%} 4 | 5 | {% set LOCAL = ['BTSYS-ONE', 'BTSYS-TWO', 'BTSYS-THREE']|random %} 6 | {% set CLORDID = guid() %} 7 | {% set NEWCLORDID = guid() %} 8 | {% set ORDID = guid() %} 9 | {% set EXECID = guid() %} 10 | {% set SECORDID = guid() %} 11 | {% set ACCOUNTS = [("REMOTE-ONE", "RONE"), ("REMOTE-TWO", "RTWO"), ("REMOTE-THREE", "RTHREE")] | random | list %} 12 | {% set SIDE = [1,2] | random %} 13 | {% set SYMBOLS = [("NBCT", 128, 130), ("NAMZ", 100, 102), ("NAPL", 48, 49)] | random | list %} 14 | {% set PRICE = [range(SYMBOLS[1], SYMBOLS[2], 1)| random, '%02d' % range(00,99,1) | random]|join('.') %} 15 | {% set ORDQTYM = range(10000,12000,1) | random %} 16 | {% set ORDQTY = range(10000,12000,1) | random %} 17 | {#% set SUBSEC0 = '%03d' % range(000,199,1) | random %#} 18 | 19 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/fix_tags: -------------------------------------------------------------------------------- 1 | 1 2 | 10 3 | 11 4 | 14 5 | 146 6 | 15 7 | 150 8 | 151 9 | 167 10 | 17 11 | 198 12 | 20 13 | 204 14 | 207 15 
| 308 16 | 309 17 | 31 18 | 310 19 | 311 20 | 313 21 | 318 22 | 319 23 | 32 24 | 34 25 | 35 26 | 37 27 | 38 28 | 39 29 | 40 30 | 44 31 | 442 32 | 47 33 | 48 34 | 49 35 | 50 36 | 52 37 | 54 38 | 55 39 | 56 40 | 57 41 | 58 42 | 59 43 | 6 44 | 60 45 | 77 46 | 9 47 | 1 48 | 10 49 | 103 50 | 11 51 | 14 52 | 146 53 | 15 54 | 150 55 | 151 56 | 167 57 | 17 58 | 20 59 | 200 60 | 204 61 | 207 62 | 34 63 | 35 64 | 37 65 | 38 66 | 39 67 | 40 68 | 44 69 | 442 70 | 47 71 | 48 72 | 49 73 | 50 74 | 52 75 | 54 76 | 55 77 | 56 78 | 57 79 | 58 80 | 59 81 | 6 82 | 60 83 | 77 84 | 9 85 | 1 86 | 10 87 | 102 88 | 11 89 | 14 90 | 15 91 | 150 92 | 151 93 | 167 94 | 17 95 | 198 96 | 20 97 | 200 98 | 204 99 | 207 100 | 31 101 | 32 102 | 34 103 | 35 104 | 37 105 | 375 106 | 38 107 | 39 108 | 40 109 | 434 110 | 44 111 | 442 112 | 47 113 | 48 114 | 49 115 | 50 116 | 52 117 | 54 118 | 55 119 | 56 120 | 57 121 | 58 122 | 59 123 | 6 124 | 60 125 | 75 126 | 77 127 | 9 128 | 1 129 | 10 130 | 102 131 | 11 132 | 14 133 | 15 134 | 150 135 | 151 136 | 167 137 | 17 138 | 198 139 | 20 140 | 200 141 | 204 142 | 207 143 | 31 144 | 32 145 | 34 146 | 35 147 | 37 148 | 375 149 | 38 150 | 39 151 | 40 152 | 434 153 | 44 154 | 442 155 | 47 156 | 48 157 | 49 158 | 50 159 | 52 160 | 54 161 | 55 162 | 56 163 | 57 164 | 58 165 | 59 166 | 6 167 | 60 168 | 75 169 | 77 170 | 9 171 | 1 172 | 10 173 | 102 174 | 11 175 | 14 176 | 15 177 | 150 178 | 151 179 | 167 180 | 17 181 | 198 182 | 20 183 | 200 184 | 204 185 | 207 186 | 31 187 | 32 188 | 34 189 | 35 190 | 37 191 | 375 192 | 38 193 | 39 194 | 40 195 | 434 196 | 44 197 | 442 198 | 47 199 | 48 200 | 49 201 | 50 202 | 52 203 | 54 204 | 55 205 | 56 206 | 57 207 | 58 208 | 59 209 | 6 210 | 60 211 | 75 212 | 77 213 | 9 214 | 1 215 | 10 216 | 11 217 | 14 218 | 15 219 | 150 220 | 151 221 | 167 222 | 17 223 | 198 224 | 20 225 | 200 226 | 204 227 | 207 228 | 34 229 | 35 230 | 37 231 | 38 232 | 39 233 | 40 234 | 41 235 | 44 236 | 442 237 | 47 238 | 48 239 | 49 240 | 50 241 | 52 
242 | 54 243 | 55 244 | 56 245 | 57 246 | 59 247 | 6 248 | 60 249 | 77 250 | 9 251 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/import_test.template: -------------------------------------------------------------------------------- 1 | {% from 'random_slice_count.template' import getcount %} 2 | {% from 'fix_includes.template' import %} 3 | 4 | {%- time_slice earliest=earliest, latest=eventgen_earliest_epoch, count=getcount(1, 20, 0), slices=20, date_format="%Y%m%d-%H:%M:%S.%f" -%} 5 | {"_time":"{{time_target__epoch }}", "_raw":"49={{ACCOUNTS[0]}}52={{time_target_formatted}}56={{LOCAL}}1={{ACCOUNTS[1]}}", "source": "new_order_with_fill", "sourcetype": "fix" } -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/new_order_with_fill_times.template: -------------------------------------------------------------------------------- 1 | {% with %} 2 | {% import 'fix_includes.template' as fixinc %} 3 | {%- time_now -%} 4 | {"_time":"{{ time_now_epoch }}", "_raw":"8=FIX.4.29=15735=D34=249={{fixinc.ACCOUNTS[0]}}52=20120329-20:36:44.53456={{fixinc.LOCAL}}1={{fixinc.ACCOUNTS[1]}}11={{fixinc.CLORDID}}38={{fixinc.ORDQTY}}40=144={{fixinc.PRICE}}47=A48=BTRD062012SPD09201254={{fixinc.SIDE}}77=O204=1207=BTEX55={{fixinc.SYMBOLS[0]}}10=030", "source": "new_order_with_fill", "sourcetype": "fix" } 5 | {%- time_now -%} 6 | {"_time":"{{ time_now_epoch }}", 
"_raw":"8=FIX.4.29=0052735=849={{fixinc.LOCAL}}56={{fixinc.ACCOUNTS[0]}}50=BTORD{{fixinc.ACCOUNTS[1]}}57=NONE34=252=20120329-20:36:44.53655={{fixinc.SYMBOLS[0]}}48=BTRD062012SPD092012167=MLEG207=BTEX15=USD1={{fixinc.ACCOUNTS[1]}}47=A204=111={{fixinc.CLORDID}}37={{fixinc.ORDID}}17={{fixinc.EXECID}}-0198={{fixinc.SECORDID}}151=1214=054={{fixinc.SIDE}}40=177=O59=0150=020=039=0442=344={{fixinc.PRICE}}38={{fixinc.ORDQTY}}6=060=20120329-20:36:44.380146=2311=BTRD309=BTRD062012310=FUT308=BTEX318=USD313=201206319=1311=BTRD309=BTRD092012310=FUT308=BTEX318=USD313=201209319=110=181", "source": "new_order_with_fill", "sourcetype": "fix" } 7 | {%- time_now -%} 8 | {"_time":"{{ time_now_epoch }}", "_raw":"8=FIX.4.29=0062435=849={{fixinc.LOCAL}}56={{fixinc.ACCOUNTS[0]}}50=BTORD{{fixinc.ACCOUNTS[1]}}57=NONE34=552=20120329-20:38:11.06755={{fixinc.SYMBOLS[0]}}48=BTRD062012SPD092012167=MLEG207=BTEX15=USD1={{fixinc.ACCOUNTS[1]}}47=A204=111={{fixinc.CLORDID}}37={{fixinc.ORDID}}17={{fixinc.EXECID}}-158=Summary Fill198={{fixinc.SECORDID}}32=12151=014=1254={{fixinc.SIDE}}40=177=O59=037={{fixinc.ORDID}}20=039=2442=344={{fixinc.PRICE}}38={{fixinc.ORDQTY}}31=3.56=360=20120329-20:38:10.970146=2311=BTRD309=BTRD062012310=FUT308=BTEX318=USD313=201206319=1311=BTRD309=BTRD092012310=FUT308=BTEX318=USD313=201209319=110=146", "source": "new_order_with_fill", "sourcetype": "fix" } 9 | {% endwith %} -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/order_errors.template: -------------------------------------------------------------------------------- 1 | {% macro time_delta(diff) -%}{{ eventgen_earliest_epoch - diff}}{%- endmacro -%} 2 | {% set earliest = time_delta(5) %} 3 | 4 | {%- with -%} 5 | {% set events = 2 -%} 6 | {% set slicect = 13 -%} 7 | {% import 'random_slice_count.template' as randomslice %} 8 | {% import 'fix_includes.template' as fixinc %} 9 | {% import 'OrdRejReason_103.template' as ordrejreason %} 10 | {%- 
time_slice earliest=earliest, latest=eventgen_earliest_epoch, count=randomslice.getcount(events, slicect, 0), slices=slicect, date_format="%Y%m%d-%H:%M:%S.%f" -%} 11 | {"_time":"{{ time_target_epoch }}", "_raw":"8=FIX.4.29=14735=D34=3949={{fixinc.ACCOUNTS[0]}}52={{time_target_formatted}}56={{fixinc.LOCAL}}1={{fixinc.ACCOUNTS[1]}}11={{fixinc.CLORDID}}38={{fixinc.ORDQTYM}}40=144={{fixinc.PRICE}}47=A54={{fixinc.SIDE}}55={{fixinc.SYMBOLS[0]}}167=FUT200=201206204=0207=BTEX10=184", "source": "order_over_max", "sourcetype": "fix" } 12 | {%- time_slice earliest=earliest, latest=eventgen_earliest_epoch, count=randomslice.getcount(events, slicect, 1), slices=slicect, date_format="%Y%m%d-%H:%M:%S.%f" -%} 13 | {"_time":"{{ time_target_epoch }}", "_raw":"8=FIX.4.29=0041635=849={{fixinc.LOCAL}}56={{fixinc.ACCOUNTS[0] }}50=BTORD{{fixinc.ACCOUNTS[1]}}57=NONE34=6152={{time_target_formatted}}55={{fixinc.SYMBOLS[0]}}48=BTRD062012167=FUT207=BTEX15=USD1={{fixinc.ACCOUNTS[1]}}47=A204=011={{fixinc.CLORDID}}37={{fixinc.ORDID}}17={{fixinc.EXECID}}58={{ordrejreason.reason[1]}}200=201206103={{ordrejreason.reason[0]}}151=014=054={{fixinc.SIDE}}40=177=O59=0150=820=039=8442=144={{fixinc.PRICE}}38={{fixinc.ORDQTYM}}6=060=20120404-20:05:46.115146=010=056", "source": "order_over_max", "sourcetype": "fix" } 14 | {%- endwith -%} -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/order_over_max.template: -------------------------------------------------------------------------------- 1 | {% macro time_delta(diff) -%}{{ eventgen_earliest_epoch - diff}}{%- endmacro -%} 2 | {% set earliest = time_delta(5) %} 3 | 4 | {%- with -%} 5 | {% set events = 2 -%} 6 | {% set slicect = 13 -%} 7 | {% import 'random_slice_count.template' as randomslice %} 8 | {% import 'fix_includes.template' as fixinc %} 9 | {%- time_slice earliest=earliest, latest=eventgen_earliest_epoch, count=randomslice.getcount(events, slicect, 0), slices=slicect, 
date_format="%Y%m%d-%H:%M:%S.%f" -%} 10 | {"_time":"{{ time_target_epoch }}", "_raw":"8=FIX.4.29=14735=D34=3949={{fixinc.ACCOUNTS[0]}}52={{time_target_formatted}}56={{fixinc.LOCAL}}1={{fixinc.ACCOUNTS[1]}}11={{fixinc.CLORDID}}38={{fixinc.ORDQTYM}}40=144={{fixinc.PRICE}}47=A54={{fixinc.SIDE}}55={{fixinc.SYMBOLS[0]}}167=FUT200=201206204=0207=BTEX10=184", "source": "order_over_max", "sourcetype": "fix" } 11 | {%- time_slice earliest=earliest, latest=eventgen_earliest_epoch, count=randomslice.getcount(events, slicect, 1), slices=slicect, date_format="%Y%m%d-%H:%M:%S.%f" -%} 12 | {"_time":"{{ time_target_epoch }}", "_raw":"8=FIX.4.29=0041635=849={{fixinc.LOCAL}}56={{fixinc.ACCOUNTS[0] }}50=BTORD{{fixinc.ACCOUNTS[1]}}57=NONE34=6152={{time_target_formatted}}55={{fixinc.SYMBOLS[0]}}48=BTRD062012167=FUT207=BTEX15=USD1={{fixinc.ACCOUNTS[1]}}47=A204=011={{fixinc.CLORDID}}37={{fixinc.ORDID}}17={{fixinc.EXECID}}58=From Gateway: BT0Q33 > BTEQ33 over max qty200=201206103=0151=014=054={{fixinc.SIDE}}40=177=O59=0150=820=039=8442=144={{fixinc.PRICE}}38={{fixinc.ORDQTYM}}6=060=20120404-20:05:46.115146=010=056", "source": "order_over_max", "sourcetype": "fix" } 13 | {%- endwith -%} -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/random_slice.template: -------------------------------------------------------------------------------- 1 | {%- macro time_delta(diff) -%}{{ eventgen_earliest_epoch - diff}}{%- endmacro -%} 2 | {%- set earliest = time_delta(1) -%} 3 | 4 | 5 | 6 | {%- with -%} 7 | {% import 'fix_includes.template' as fixinc %} 8 | {% set events = 3 -%} 9 | {% set slicect = 20 -%} 10 | {% import 'random_slice_count.template' as randomslice %} 11 | {%- time_slice earliest=earliest, latest=eventgen_earliest_epoch, count=randomslice.getcount(events, slicect, 0), slices=slicect, date_format="%Y%m%d-%H:%M:%S.%f" -%} 12 | {"_time":"{{time_target_epoch}}", "_raw":"1: {{randomslice.getcount(events, slicect, 
0)}} > {{time_target_formatted}}"} 13 | {%- time_slice earliest=earliest, latest=eventgen_earliest_epoch, count=randomslice.getcount(events, slicect,1), slices=slicect, date_format="%Y%m%d-%H:%M:%S.%f" -%} 14 | {"_time":"{{time_target_epoch}}", "_raw":"2: {{randomslice.getcount(events, slicect, 1)}} > {{time_target_formatted}}"} 15 | {%- time_slice earliest=earliest, latest=eventgen_earliest_epoch, count=randomslice.getcount(events, slicect, 2), slices=slicect, date_format="%Y%m%d-%H:%M:%S.%f" -%} 16 | {"_time":"{{time_target_epoch}}", "_raw":"3: {{randomslice.getcount(events, slicect, 2)}} > {{time_target_formatted}}"} 17 | {%- endwith -%} -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/random_slice_count.template: -------------------------------------------------------------------------------- 1 | {# getcount(pevent, pslice, ploop): splits 1..pslice into pevent buckets of width pslice // pevent and renders one random integer from bucket number ploop (0-based). The pick comes from range(low, high), so the upper bound of a bucket is never returned. NOTE(review): when pslice // pevent is 1 every range is empty and there is nothing to pick from, and a ploop of pevent or more indexes past the end of crange; the callers on this page pass (1, 20), (2, 13) and (3, 20), which avoid both. The do tag presumably relies on the jinja2 do extension being enabled - confirm. #}{% macro getcount(pevent, pslice, ploop) -%} 2 | {% set max = pslice //pevent -%} 3 | {% set crange = [] -%} 4 | {%- for _ in range(0, pevent) -%} 5 | {% do crange.append((max*loop.index0+1, max*loop.index)) -%} 6 | {%- endfor -%} 7 | {{ range(crange[ploop][0], crange[ploop][1], 1) | random }} 8 | {%- endmacro -%} 9 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/test_event.template: -------------------------------------------------------------------------------- 1 | {#% set earliest_epoch = time_delta(5) %#} 2 | {#% set latest_epoch = eventgen_earliest_epoch - eventgen_rcount %#} 3 | {#% macro time_delta(diff) -%}{{latest_epoch - diff}}{%- endmacro -%#} 4 | 5 | {% macro time_delta(diff) -%}{{eventgen_earliest_epoch-diff}}{%- endmacro -%} 6 | {% set earliest = time_delta(5) %} 7 | 8 | {% with %} 9 | {% import 'fix_includes.template' as fixinc %} 10 | {% import 'fix_includes.template' as fixinc %} 11 | {%- time_slice earliest=earliest, latest=eventgen_earliest_epoch, count=1, slices="20", 
date_format="%Y%m%d-%H:%M:%S.%f" -%} 12 | {"_time":"{{ time_target_epoch }}", "_raw":"{{yay}} Event {{rcount}}: Range 1: {{time_target_formatted}}", "source": "test_event_timeslice", "sourcetype": "fix" } 13 | {%- time_slice earliest=earliest, latest=eventgen_earliest_epoch, count=2, slices="20", date_format="%Y%m%d-%H:%M:%S.%f" -%} 14 | {"_time":"{{ time_target_epoch }}", "_raw":"Event {{rcount}}: Range 2: {{time_target_formatted}}", "source": "test_event_timeslice", "sourcetype": "fix" } 15 | {%- time_slice earliest=earliest, latest=eventgen_earliest_epoch, count=3, slices="20", date_format="%Y%m%d-%H:%M:%S.%f" -%} 16 | {"_time":"{{ time_target_epoch }}", "_raw":"Event {{rcount}}: Range 3: {{time_target_formatted}}", "source": "test_event_timeslice", "sourcetype": "fix" } 17 | {% endwith %} -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/test_event2.template: -------------------------------------------------------------------------------- 1 | {% set errors = [("0", "Too late to cancel", 1), ("1", "Unknown Order", 1), ("2", "Broker / Exchange Option", 5), ("99", "Other", 2)] -%} 2 | {% set elist = [] -%} 3 | {% for id, msg, pri in errors -%} 4 | {% for _ in range(0, pri) %} 5 | {% do elist.append((id, msg)) -%} 6 | {% endfor -%} 7 | {% endfor -%} 8 | 9 | 10 | {%- time_now date_format="%Y%m%d-%H:%M:%S.%f" -%} 11 | {"_time":"{{ time_now_epoch }}", "_raw":"{{time_now_formatted}} :: {{ prioe }}", "source": "errors", "sourcetype": "fix" } 12 | 13 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/test_event3.template: -------------------------------------------------------------------------------- 1 | {% set host_ip = '345' %} 2 | {% set port = '1234' %} 3 | 4 | {%- time_now -%} 5 | {"_time":"{{time_now_epoch}}", "_raw": "{{host_ip}} :: {{port}}", "source": "errors", "sourcetype": "fix" } 
-------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/test_jinja.template: -------------------------------------------------------------------------------- 1 | {%- time_now -%} 2 | {"_time":"{{ time_now_epoch }}", "_raw":"{{ time_now_formatted }} I like little windbags 3 | Im at: {{ eventgen_count }} out of: {{ eventgen_maxcount }} 4 | I'm also hungry, can I have a pizza?"} 5 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/test_jinja_advanced.template: -------------------------------------------------------------------------------- 1 | {# Emits large_number JSON-shaped events, then includes test_jinja_advanced_extension.template inside the head block. large_number, userIDRange and sender are not set in this file - presumably they come from the configuration of the sample that uses this template; verify against that stanza. guid() renders six random decimal digits, so it is a test value and not a unique or unpredictable identifier. input(name) ignores its argument, emits the literal text "name = " plus one random digit, and is not called here. NOTE(review): sender is written into the "_raw" string with no escaping, so a quote or backslash in it would break the object if the rendered event is parsed as JSON - confirm how the generator reads it. #}{% macro input(name) -%} 2 | name = {{[0,1,2,3,4,5,6,7,8,9]|random}} 3 | {%- endmacro -%} 4 | {% macro guid() -%}{% for n in [0,1,2,3,4,5] %}{{ [0,1,2,3,4,5,6,7,8,9]|random }}{% endfor %}{%- endmacro -%} 5 | 6 | {% for _ in range(0, large_number) %} 7 | {%- time_now -%} 8 | {"_time": "{{ time_now_epoch }}", 9 | "_raw": "{{ time_now_formatted }} userID={{range(1, userIDRange) | random}} User messsage is 'new guid is: {{guid()}}', sender={{sender}}", 10 | "source": "user", 11 | "sourceType": "userEvent"} 12 | {% endfor %} 13 | 14 | {%- block head -%} 15 | {% include "test_jinja_advanced_extension.template" %} 16 | {%- endblock -%} 17 | 18 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/test_jinja_advanced_extension.template: -------------------------------------------------------------------------------- 1 | {% block head -%} 2 | {"_time": "MockTimeBlock", "_raw": "If you see this, you successfully imported another jinja template."} 3 | {%- endblock -%} -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/test_jinja_basic.template: -------------------------------------------------------------------------------- 1 | {% for _ in range(0, 
large_number) %} 2 | {%- time_now -%} 3 | {"_time":"{{ time_now_epoch }}", "_raw":"{{ time_now_formatted }} I like little windbags. Im at: {{ loop.index }} out of: {{ large_number }}"} 4 | {% endfor %} -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/test_jinja_loop.template: -------------------------------------------------------------------------------- 1 | {% for _ in range(0, large_number) %} 2 | {%- time_now -%} 3 | {"_time":"{{ time_now_epoch }}", "_raw":"{{ time_now_formatted }} I like little windbags 4 | Im at: {{ loop.index }} out of: {{ large_number }} 5 | I'm also hungry, can I have a pizza?"} 6 | {% endfor %} -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/test_jinja_timeslice 2.template: -------------------------------------------------------------------------------- 1 | {# Renders one event per iteration, with count=loop.index selecting the slice between the two fixed epoch bounds. NOTE(review): the "_raw" field prints time_slice_epoch, while every other time_slice template on this page reads time_target_epoch or time_target_formatted; if the tag does not set time_slice_epoch the value renders empty - confirm against the time_slice extension. large_number is not set in this file and presumably comes from the configuration of the sample that uses it. #}{% for _ in range(0, large_number) %} 2 | {%- time_slice earliest="1549314369", latest="1549400769", count=loop.index, slices="5" -%} 3 | {"_time":"{{ time_target_epoch }}", "_raw":"{{ time_slice_epoch }} I like little windbags 4 | Im at: {{ loop.index }} out of: {{ large_number }} 5 | I'm also hungry, can I have a pizza?"} 6 | {% endfor %} -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/jinja/templates/test_jinja_timeslice.template: -------------------------------------------------------------------------------- 1 | {% for _ in range(0, large_number) %} 2 | {%- time_slice earliest="1234", latest="2345", count=loop.index, slices="5" -%} 3 | {"_time":"{{ time_target_epoch }}", "_raw":"{{ time_target_formatted }} I like little windbags 4 | Im at: {{ loop.index }} out of: {{ large_number }} 5 | I'm also hungry, can I have a pizza?"} 6 | {% endfor %} -------------------------------------------------------------------------------- 
/tests/sample_eventgen_conf/largerconfig/eventgen.conf.largerconfig: -------------------------------------------------------------------------------- 1 | [windbag] 2 | generator = windbag 3 | earliest = -3s 4 | latest = now 5 | interval = 3 6 | count = 5 7 | outputMode = stdout 8 | end = 1 9 | 10 | [sample] 11 | sampleDir = ../sample 12 | outputMode = stdout 13 | count = 3 14 | earliest = -3s 15 | latest = now 16 | interval = 3 17 | end = 1 18 | 19 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 20 | token.0.replacementType = timestamp 21 | token.0.replacement = %s.%f 22 | 23 | [sample.mobilemusic.csv] 24 | sampleDir = ../replaytimestamp 25 | outputMode = stdout 26 | sampletype = csv 27 | interval = 3 28 | earliest = -3s 29 | latest = now 30 | count = 1 31 | bundlelines = true 32 | hourOfDayRate = { "0": 0.30, "1": 0.20, "2": 0.20, "3": 0.20, "4": 0.20, "5": 0.25, "6": 0.35, "7": 0.50, "8": 0.60, "9": 0.65, "10": 0.70, "11": 0.75, "12": 0.77, "13": 0.80, "14": 0.82, "15": 0.85, "16": 0.87, "17": 0.90, "18": 0.95, "19": 1.0, "20": 0.85, "21": 0.70, "22": 0.60, "23": 0.45 } 33 | dayOfWeekRate = { "0": 0.97, "1": 0.95, "2": 0.90, "3": 0.97, "4": 1.0, "5": 0.99, "6": 0.55 } 34 | randomizeCount = 0.2 35 | backfill = -5m 36 | end = 1 37 | 38 | token.0.token = ((\w+\s+\d+\s+\d{2}:\d{2}:\d{2}:\d{3})|(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:\d{3})) 39 | token.0.replacementType = replaytimestamp 40 | token.0.replacement = ["%b %d %H:%M:%S:%f", "%Y-%m-%d %H:%M:%S:%f"] 41 | 42 | [replay] 43 | sampleDir = ../replay 44 | generator = replay 45 | timeMultiple = 2 46 | end = 1 47 | 48 | outputMode = stdout 49 | index = main 50 | sourcetype = windbag 51 | source = windbag.log 52 | host = localhost 53 | 54 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 55 | token.0.replacementType = timestamp 56 | token.0.replacement = %Y-%m-%d %H:%M:%S 57 | 58 | [csv] 59 | sampleDir = ../bundlelines 60 | outputMode = stdout 61 | count = 3 62 | earliest = -3s 63 | latest = now 64 | interval 
= 3 65 | bundlelines = true 66 | sampletype = csv 67 | end = 1 68 | 69 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 70 | token.0.replacementType = timestamp 71 | token.0.replacement = %Y-%m-%d %H:%M:%S 72 | 73 | [breakersample] 74 | sampleDir = ../breakersample 75 | outputMode = stdout 76 | count = 3 77 | earliest = -3s 78 | latest = now 79 | interval = 3 80 | breaker = ^\d{14}\.\d{6} 81 | end = 1 82 | 83 | token.0.token = ^(\d{14})\.\d{6} 84 | token.0.replacementType = timestamp 85 | token.0.replacement = %Y%m%d%H%M%S 86 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/medium_test/eventgen.conf.fileoutput: -------------------------------------------------------------------------------- 1 | [windbag] 2 | generator = windbag 3 | earliest = -3s 4 | latest = now 5 | interval = 3 6 | count = 5 7 | end = 1 8 | outputMode = file 9 | fileName = test_file_output.result -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/medium_test/eventgen.conf.scsoutput: -------------------------------------------------------------------------------- 1 | [windbag] 2 | generator = windbag 3 | earliest = -3s 4 | latest = now 5 | interval = 3 6 | count = 5 7 | end = 1 8 | outputMode = scsout 9 | host = eventgen_scs_plugin 10 | source = scs_plugin_test 11 | sourcetype = scs_plugin_test_type 12 | 13 | scsEndPoint = http://127.0.0.1 14 | scsAccessToken = testToken 15 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/medium_test/eventgen.conf.syslogoutput: -------------------------------------------------------------------------------- 1 | [windbag] 2 | generator = windbag 3 | earliest = -3s 4 | latest = now 5 | interval = 3 6 | count = 5 7 | end = 1 8 | outputMode = syslogout 9 | syslogDestinationHost = 127.0.0.1 10 | syslogDestinationPort = 9999 11 | syslogAddHeader = false 12 | 
-------------------------------------------------------------------------------- /tests/sample_eventgen_conf/medium_test/eventgen.conf.syslogoutputwithheader: -------------------------------------------------------------------------------- 1 | [windbag] 2 | generator = windbag 3 | earliest = -3s 4 | latest = now 5 | interval = 3 6 | count = 5 7 | end = 1 8 | outputMode = syslogout 9 | syslogDestinationHost = 127.0.0.1 10 | syslogDestinationPort = 9999 11 | syslogAddHeader = true 12 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/medium_test/eventgen.conf.tcpoutput: -------------------------------------------------------------------------------- 1 | [windbag] 2 | generator = windbag 3 | earliest = -3s 4 | latest = now 5 | interval = 3 6 | count = 5 7 | end = 1 8 | outputMode = tcpout 9 | tcpDestinationHost = 127.0.0.1 10 | tcpDestinationPort = 9999 -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/medium_test/eventgen.conf.udpoutput: -------------------------------------------------------------------------------- 1 | [windbag] 2 | generator = windbag 3 | earliest = -3s 4 | latest = now 5 | interval = 3 6 | count = 5 7 | end = 1 8 | outputMode = udpout 9 | udpDestinationHost = 127.0.0.1 10 | udpDestinationPort = 9999 11 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perdayvolume/eventgen.conf.perdayvolume: -------------------------------------------------------------------------------- 1 | [perdayvolume] 2 | sampleDir = . 
3 | perDayVolume = 1.1 4 | outputMode = stdout 5 | interval = 1 6 | end = 10 7 | 8 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 9 | token.0.replacementType = timestamp 10 | token.0.replacement = %Y-%m-%d %H:%M:%S 11 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perdayvolume/eventgen.conf.perdayvolumesinglerun: -------------------------------------------------------------------------------- 1 | [perdayvolume] 2 | sampleDir = . 3 | end = 1 4 | interval=0 5 | perDayVolume = .01 6 | 7 | outputMode = stdout 8 | index = main 9 | sourcetype = windbag 10 | source = windbag.log 11 | host = localhost 12 | 13 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 14 | token.0.replacementType = timestamp 15 | token.0.replacement = %Y-%m-%d %H:%M:%S 16 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perdayvolume/perdayvolume: -------------------------------------------------------------------------------- 1 | 2014-01-04 20:54:34 WINDBAG Event 1 of 5 2 | 2014-01-04 20:54:35 WINDBAG Event 2 of 5 3 | 2014-01-04 20:54:36 WINDBAG Event 3 of 5 4 | 2014-01-04 20:54:37 WINDBAG Event 4 of 5 5 | 2014-01-04 20:54:38 WINDBAG Event 5 of 5 -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/eventgen.conf.perfsample: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | outputMode = devnull 4 | count = 100000 5 | earliest = now 6 | latest = now 7 | interval = 1 8 | randomizeEvents = true 9 | backfill = -10m 10 | 11 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 12 | token.0.replacementType = timestamp 13 | token.0.replacement = %Y-%m-%d %H:%M:%S 14 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/eventgen.conf.perfsampleweblog: 
-------------------------------------------------------------------------------- 1 | [sample.shoppingapacheBrowse] 2 | sampleDir = ./weblog 3 | mode = sample 4 | outputMode = devnull 5 | index = main 6 | sourcetype = access_combined 7 | host = log.buttercupgames.com 8 | source = /opt/access_combined.log 9 | interval = 3 10 | earliest = -3s 11 | latest = now 12 | count = 2000 13 | hourOfDayRate = { "0": 0.30, "1": 0.10, "2": 0.10, "3": 0.10, "4": 0.15, "5": 0.25, "6": 0.35, "7": 0.50, "8": 0.60, "9": 0.65, "10": 0.70, "11": 0.75, "12": 0.77, "13": 0.80, "14": 0.82, "15": 0.85, "16": 0.87, "17": 0.90, "18": 0.95, "19": 1.0, "20": 0.85, "21": 0.70, "22": 0.60, "23": 0.45 } 14 | dayOfWeekRate = { "0": 0.97, "1": 0.95, "2": 0.90, "3": 0.97, "4": 1.0, "5": 0.99, "6": 0.55 } 15 | #minuteOfHourRate = { "0": 1, "1": 1, "2": 1, "3": 1, "4": 1, "5": 1, "6": 1, "7": 1, "8": 1, "9": 1, "10": 1, "11": 1, "12": 1, "13": 1, "14": 1, "15": 1, "16": 1, "17": 1, "18": 1, "19": 1, "20": 1, "21": 1, "22": 1, "23": 1, "24": 1, "25": 1, "26": 1, "27": 1, "28": 1, "29": 1, "30": 1, "31": 1, "32": 1, "33": 1, "34": 1, "35": 4, "36": 0.1, "37": 0.1, "38": 1, "39": 1, "40": 1, "41": 1, "42": 1, "43": 1, "44": 1, "45": 1, "46": 1, "47": 1, "48": 1, "49": 1, "50": 1, "51": 1, "52": 1, "53": 1, "54": 1, "55": 1, "56": 1, "57": 1, "58": 1, "59": 1 } 16 | randomizeCount = 0.33 17 | randomizeEvents = true 18 | backfill = -3d 19 | 20 | # replace timestamp 21 | token.0.token = \d{1,2}/\w{3}/\d{4}\s\d{2}:\d{2}:\d{2}:\d{1,3} 22 | token.0.replacementType = timestamp 23 | token.0.replacement = %d/%b/%Y %H:%M:%S:%f 24 | 25 | # replace client IP 26 | token.1.token = (XXXXXXXXXX) 27 | token.1.replacementType = file 28 | token.1.replacement = tests/sample_eventgen_conf/perf/weblog/external_ips.sample 29 | 30 | # replace server name 31 | token.2.token = (YYYYYYYYYY) 32 | token.2.replacementType = file 33 | token.2.replacement = tests/sample_eventgen_conf/perf/weblog/webhosts.sample 34 | 35 | # replace user 
agent string 36 | token.3.token = (DDDDDDDDDD) 37 | token.3.replacementType = file 38 | token.3.replacement = tests/sample_eventgen_conf/perf/weblog/useragents.sample 39 | 40 | # replace status 41 | token.4.token = (FFFFFFFFFF) 42 | token.4.replacementType = file 43 | token.4.replacement = tests/sample_eventgen_conf/perf/weblog/webserverstatus.sample 44 | 45 | # replace size 46 | token.5.token = (GGGGGGGGGG) 47 | token.5.replacementType = random 48 | token.5.replacement = integer[200:4000] 49 | 50 | # replace time taken 51 | token.6.token = (HHHHHHHHHH) 52 | token.6.replacementType = random 53 | token.6.replacement = integer[100:1000] 54 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/eventgen.conf.perfweblog: -------------------------------------------------------------------------------- 1 | [weblog] 2 | generator = weblog 3 | earliest = now 4 | latest = now 5 | interval = 3 6 | count = 2000 7 | outputMode = devnull 8 | backfill = -1h -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/eventgen.conf.perfwindbag: -------------------------------------------------------------------------------- 1 | [windbag] 2 | generator = windbag 3 | earliest = now 4 | latest = now 5 | interval = 10 6 | count = 500000 7 | outputMode = devnull 8 | backfill = -1d 9 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/WoCInGameActions: -------------------------------------------------------------------------------- 1 | 2013-09-03 16:30:20, 121.254.179.199 Event of Purchase type - - customer::900000000 transaction {catId - tools , productId=CU-PG-G06 , itemName='cheese board'} Item was purchased at 65 gold coins from Javert -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/actions.sample: 
-------------------------------------------------------------------------------- 1 | purchase -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/game.sample: -------------------------------------------------------------------------------- 1 | World_of_Cheese 2 | Dream_Crusher 3 | Puppies_vs_Zombies 4 | Benign_Space_Debris -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/gameservers.sample: -------------------------------------------------------------------------------- 1 | ace 2 | bubbles 3 | cupcake 4 | dash -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/guids.sample: -------------------------------------------------------------------------------- 1 | 1234567890 2 | 0987654321 -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/platforms.sample: -------------------------------------------------------------------------------- 1 | 'Apple iOS' 2 | 'Apple iOS' 3 | 'Apple iOS' 4 | 'Apple iOS' 5 | 'Apple iOS' 6 | 'Apple iOS' 7 | 'Apple iOS' 8 | 'Apple iOS' 9 | 'Apple iOS' 10 | 'Apple iOS' 11 | 'Apple OS X' 12 | 'Apple OS X' 13 | 'Apple OS X' 14 | Android 15 | Android 16 | Android 17 | Android 18 | Android 19 | Windows 20 | Windows 21 | Windows 22 | Windows 23 | Windows 24 | 'Windows Mobile' 25 | 'Windows Mobile' -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/sample.BSDInGameActions: -------------------------------------------------------------------------------- 1 | 2013-09-03 16:30:20, 121.254.179.199 platform=Windows Event of Purchase type - - customer::900000000 transaction {catId - tools , productId=CU-PG-G06 , itemName='cheese board'} Item was purchased at 65 gold coins from Javert 
-------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/sample.CheeseProductionMen: -------------------------------------------------------------------------------- 1 | 2013-09-03 16:30:20, 121.254.179.199 @gameServer5 platform=Windows lang_EN Event of Cheesemaking type - - customer::900000000 transaction {cheeseType - cow , productId=CU-PG-G06 , cheeseName=cheddar} It took xxx seconds to make yyy ounces of cheese -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/sample.CheeseProductionWomen: -------------------------------------------------------------------------------- 1 | 2013-09-03 16:30:20, 121.254.179.199 @gameServer5 platform=Windows lang_EN Event of Cheesemaking type - - customer::900000000 transaction {cheeseType - cow , productId=CU-PG-G06 , cheeseName=cheddar} It took xxx seconds to make yyy ounces of cheese -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/sample.DreamCrusherInGameActions: -------------------------------------------------------------------------------- 1 | 2013-09-03 16:30:20, 121.254.179.199 platform=Windows Event of Purchase type - - customer::900000000 transaction {catId - tools , productId=CU-PG-G06 , itemName='cheese board'} Item was purchased at 65 gold coins from Javert -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/sample.PvZInGameActions: -------------------------------------------------------------------------------- 1 | 2013-09-03 16:30:20, 121.254.179.199 platform=Windows Event of Purchase type - - customer::900000000 transaction {catId - tools , productId=CU-PG-G06 , itemName='cheese board'} Item was purchased at 65 gold coins from Javert -------------------------------------------------------------------------------- 
/tests/sample_eventgen_conf/perf/weblog/sample.WoCInGameActions: -------------------------------------------------------------------------------- 1 | 2013-09-03 16:30:20, 121.254.179.199 platform=Windows Event of Purchase type - - customer::900000000 transaction {catId - tools , productId=CU-PG-G06 , itemName='cheese board'} Item was purchased at 65 gold coins from Javert -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/sample.platform: -------------------------------------------------------------------------------- 1 | Windows 2 | Windows 3 | Windows 4 | Windows 5 | Windows 6 | Windows 7 | 'Apple OS X' 8 | 'Apple OS X' 9 | Android 10 | Android 11 | Android 12 | Android 13 | Android 14 | 'Apple iOS' 15 | 'Apple iOS' 16 | 'Apple iOS' 17 | 'Apple iOS' 18 | 'Apple iOS' 19 | 'Apple iOS' 20 | 'Apple iOS' 21 | 'Apple iOS' 22 | 'Apple iOS' 23 | 'Apple iOS' 24 | 'Apple iOS' 25 | 'Apple iOS' 26 | 'Windows Mobile' 27 | 'Windows Mobile' -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/sample.shoppingapacheBrowse: -------------------------------------------------------------------------------- 1 | YYYYYYYYYY XXXXXXXXXX - - [29/Apr/2013 18:09:05:132] "GET /product.screen?product_id=HolyGouda&JSESSIONID=SD3SL1FF7ADFF8 HTTP 1.1" FFFFFFFFFF HHHHHHHHHH "http://shop.buttercupgames.com/cart.do?action=view&itemId=HolyGouda" "DDDDDDDDDD" GGGGGGGGGG -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/sample.shoppingapacheCart: -------------------------------------------------------------------------------- 1 | YYYYYYYYYY XXXXXXXXXX - - [29/Apr/2013 18:09:05:132] "GET /product.screen?product_id=HolyGouda&JSESSIONID=SD3SL1FF7ADFF8 HTTP 1.1" FFFFFFFFFF HHHHHHHHHH "http://shop.buttercupgames.com/cart.do?action=addtocart&itemId=HolyGouda" "DDDDDDDDDD" GGGGGGGGGG 
-------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/sample.shoppingapachePurchase: -------------------------------------------------------------------------------- 1 | YYYYYYYYYY XXXXXXXXXX - - [04/Sep/2013 23:48:21:371] "GET /product.screen?product_id=HolyGouda&JSESSIONID=SD9SL5FF9ADFF1 HTTP 1.1" FFFFFFFFFF HHHHHHHHHH "http://shop.buttercupgames.com/cart.do?action=purchase&itemId=HolyGouda" "DDDDDDDDDD" GGGGGGGGGG 2 | 3 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/sample.vendors: -------------------------------------------------------------------------------- 1 | Bries_R_Us 2 | Epic_Wine_Shop 3 | Kingdom_Of_Cheese_Trays 4 | Señor_Queso 5 | Whole_Curds -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/perf/weblog/webhosts.sample: -------------------------------------------------------------------------------- 1 | 10.2.1.33 2 | 10.2.1.34 3 | 10.2.1.35 -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/replay/eventgen.conf.badtimestamp: -------------------------------------------------------------------------------- 1 | [badtimestamp] 2 | sampleDir = . 3 | generator = replay 4 | timeMultiple = 2 5 | 6 | outputMode = stdout 7 | index = main 8 | sourcetype = windbag 9 | source = windbag.log 10 | host = localhost 11 | 12 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 13 | token.0.replacementType = timestamp 14 | token.0.replacement = %Y-%m-%d %H:%M:%S 15 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/replay/eventgen.conf.replay: -------------------------------------------------------------------------------- 1 | [replay] 2 | sampleDir = . 
3 | backfill = -5s 4 | sampletype = raw 5 | outputMode = stdout 6 | end = 1 7 | mode = replay 8 | 9 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 10 | token.0.replacementType = replaytimestamp 11 | token.0.replacement = %Y-%m-%d %H:%M:%S 12 | 13 | token.1.token = @@integer 14 | token.1.replacementType = random 15 | token.1.replacement = integer[0:10] 16 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/replay/eventgen.conf.timeorder: -------------------------------------------------------------------------------- 1 | [timeorder] 2 | sampleDir = . 3 | generator = replay 4 | timeMultiple = 2 5 | sampletype = csv 6 | timeField = _time 7 | 8 | outputMode = stdout 9 | index = main 10 | sourcetype = windbag 11 | source = windbag.log 12 | host = localhost 13 | 14 | token.0.token = \d{4}-\d{2}-\d{2}T\d{2}:\d{2}:\d{2} 15 | token.0.replacementType = timestamp 16 | token.0.replacement = %Y-%m-%dT%H:%M:%S 17 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/replay/replay: -------------------------------------------------------------------------------- 1 | 2014-01-04 20:00:00 WINDBAG Event 1 of 12 randint @@integer 2 | 2014-01-04 20:00:01 WINDBAG Event 2 of 12 randint @@integer 3 | 2014-01-04 20:00:02 WINDBAG Event 3 of 12 randint @@integer 4 | 2014-01-04 20:00:03 WINDBAG Event 4 of 12 randint @@integer 5 | 2014-01-04 20:00:03 WINDBAG Event 5 of 12 randint @@integer 6 | 2014-01-04 20:00:04 WINDBAG Event 6 of 12 randint @@integer 7 | 2014-01-04 20:00:05 WINDBAG Event 7 of 12 randint @@integer 8 | 2014-01-04 20:00:06 WINDBAG Event 8 of 12 randint @@integer 9 | 2014-01-04 20:00:08 WINDBAG Event 9 of 12 randint @@integer 10 | 2014-01-04 20:00:20 WINDBAG Event 10 of 12 randint @@integer 11 | 2014-01-04 20:00:21 WINDBAG Event 11 of 12 randint @@integer 12 | 2014-01-04 20:00:21 WINDBAG Event 12 of 12 randint @@integer 13 | 
-------------------------------------------------------------------------------- /tests/sample_eventgen_conf/replaytimestamp/eventgen.conf.replaytimestamp: -------------------------------------------------------------------------------- 1 | [sample.mobilemusic.csv] 2 | sampleDir = . 3 | outputMode = stdout 4 | sampletype = csv 5 | interval = 3 6 | earliest = -3s 7 | latest = now 8 | count = 1 9 | bundlelines = true 10 | hourOfDayRate = { "0": 0.30, "1": 0.20, "2": 0.20, "3": 0.20, "4": 0.20, "5": 0.25, "6": 0.35, "7": 0.50, "8": 0.60, "9": 0.65, "10": 0.70, "11": 0.75, "12": 0.77, "13": 0.80, "14": 0.82, "15": 0.85, "16": 0.87, "17": 0.90, "18": 0.95, "19": 1.0, "20": 0.85, "21": 0.70, "22": 0.60, "23": 0.45 } 11 | dayOfWeekRate = { "0": 0.97, "1": 0.95, "2": 0.90, "3": 0.97, "4": 1.0, "5": 0.99, "6": 0.55 } 12 | randomizeCount = 0.2 13 | backfill = -5m 14 | end = 5 15 | 16 | token.0.token = ((\w+\s+\d+\s+\d{2}:\d{2}:\d{2}:\d{3})|(\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}:\d{3})) 17 | token.0.replacementType = replaytimestamp 18 | token.0.replacement = ["%b %d %H:%M:%S:%f", "%Y-%m-%d %H:%M:%S:%f"] 19 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/replaytimestamp/sample.mobilemusic.csv: -------------------------------------------------------------------------------- 1 | index,host,source,sourcetype,_raw oidemo,localhost,/var/log/radius.log,radius,May 27 18:28:11:000 aaa2 radiusd[12676]:[ID 959576 local1.info] INFO RADOP(13) acct start for 5559031692@splunktel.com 10.94.63.34 from 130.253.37.97 recorded OK. 
oidemo,localhost,/var/log/httpd/access_log,access_custom,"2014-05-27 18:28:11:112 10.2.1.35 POST /playhistory/uploadhistory - 80 - 10.94.63.34 ""Mozilla/5.0 (Linux; U; Android 2.3.4; en-us; Sprint APX515CKT Build/GRJ22) AppleWebKit/533.1 (KHTML, like Gecko) Version/4.0 Mobile Safari/533.1"" 200 0 0 468 1488" oidemo,localhost,/var/log/radius.log,radius,May 27 18:28:11:199 aaa2 radiusd[12676]:[ID 959576 local1.info] INFO RADOP(13) acct stop for 5559031692@splunktel.com 10.94.63.34 from 130.253.37.97 recorded OK. 2 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/sample/eventgen.conf.epochtime: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = . 3 | outputMode = stdout 4 | count = 3 5 | earliest = -3s 6 | latest = now 7 | interval = 3 8 | end = 5 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 11 | token.0.replacementType = timestamp 12 | token.0.replacement = %s.%f 13 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/sample/eventgen.conf.fullsample: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = . 3 | outputMode = stdout 4 | count = 0 5 | earliest = -3s 6 | latest = now 7 | interval = 3 8 | end = 5 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 11 | token.0.replacementType = timestamp 12 | token.0.replacement = %Y-%m-%d %H:%M:%S 13 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/sample/eventgen.conf.longsample: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = . 
3 | outputMode = stdout 4 | count = 10 5 | earliest = -3s 6 | latest = now 7 | interval = 3 8 | end = 5 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 11 | token.0.replacementType = timestamp 12 | token.0.replacement = %Y-%m-%d %H:%M:%S.%f 13 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/sample/eventgen.conf.notoken: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = . 3 | outputMode = stdout 4 | count = 3 5 | earliest = -3s 6 | latest = now 7 | interval = 3 8 | end = 1 9 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/sample/eventgen.conf.randomsample: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = . 3 | outputMode = stdout 4 | count = 3 5 | earliest = -3s 6 | latest = now 7 | interval = 3 8 | randomizeEvents = true 9 | end = 5 10 | 11 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 12 | token.0.replacementType = timestamp 13 | token.0.replacement = %Y-%m-%d %H:%M:%S 14 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/sample/eventgen.conf.shortsample: -------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = . 
3 | outputMode = stdout 4 | count = 3 5 | earliest = -3s 6 | latest = now 7 | interval = 3 8 | end = 5 9 | 10 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 11 | token.0.replacementType = timestamp 12 | token.0.replacement = %Y-%m-%d %H:%M:%S 13 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/sample/sample: -------------------------------------------------------------------------------- 1 | 2014-01-04 20:54:34 WINDBAG Event 1 of 5 2 | 2014-01-04 20:54:35 WINDBAG Event 2 of 5 3 | 2014-01-04 20:54:36 WINDBAG Event 3 of 5 4 | 2014-01-04 20:54:37 WINDBAG Event 4 of 5 5 | 2014-01-04 20:54:38 WINDBAG Event 5 of 5 -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/scsout/eventgen.conf: -------------------------------------------------------------------------------- 1 | [splunk_cloud_platform_events.txt] 2 | sampleDir = . 3 | interval = 1 4 | mode = replay 5 | end = 1 6 | outputMode = scsout 7 | host = eventgen_scs_plugin 8 | source = scs_plugin_test 9 | sourcetype = scs_plugin_test_type 10 | 11 | scsEndPoint = 12 | scsAccessToken = 13 | 14 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 15 | token.0.replacementType = replaytimestamp 16 | token.0.replacement = %Y-%m-%d %H:%M:%S -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/scsout/splunk_cloud_platform_events.txt: -------------------------------------------------------------------------------- 1 | 2014-01-04 20:00:00 Event1 happened 2 | 2014-01-04 20:00:01 Event2 happened 3 | 2014-01-04 20:00:03 Event3 happened 4 | 2014-01-04 20:00:05 Event4 happened user bought @@item 5 | 2014-01-04 20:00:10 Event5 happened @@item -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/splitsample/eventgen.conf.splitcounter: 
-------------------------------------------------------------------------------- 1 | [sample] 2 | sampleDir = ../sample 3 | outputMode = stdout 4 | earliest = now 5 | latest = now 6 | interval = 1 7 | randomizeEvents = true 8 | end = 1 9 | count = 33 10 | splitSample = 2 11 | 12 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 13 | token.0.replacementType = timestamp 14 | token.0.replacement = %Y-%m-%d %H:%M:%S 15 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/test1/categories.sample: -------------------------------------------------------------------------------- 1 | CASES 2 | DISPLAYPROTECT 3 | HEADSETS 4 | BLUETOOTH 5 | BATTERIES 6 | MEMORYCARDS 7 | CHARGERS 8 | HEADSETS 9 | MOUNTS 10 | ACCESSORIES 11 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/test1/items.sample: -------------------------------------------------------------------------------- 1 | EST-19 2 | EST-18 3 | EST-14 4 | EST-6 5 | EST-26 6 | EST-17 7 | EST-16 8 | EST-15 9 | EST-27 10 | EST-7 11 | EST-21 12 | EST-11 13 | EST-12 14 | EST-13 15 | EST-20 16 | EST-1 17 | 18 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/test1/products.sample: -------------------------------------------------------------------------------- 1 | CC-P3-OTTERBOX-OBIPHONE4 2 | CC-P3-OTTERBOX-OBIPHONE5 3 | CC-P3-BELKIN-SILBLKIPH4 4 | CC-P3-BELKIN-SILBLKIPH5 5 | CC-P3-APPLE-BUMPIPHONE4 6 | CC-P4-OTTERBOX-OBDROID4 7 | CC-T7-ZAGG-FOLIOMINI 8 | CC-T7-BELKIN-SLEEVE 9 | CC-T10-RIM-BBERRYPLAY 10 | CC-T11-ZAGG-FOLIO 11 | CC-T11-BELKIN-SLEEVE 12 | DP-IPHONE4 13 | DP-IPHONE5 14 | DP-NOKLUMIA 15 | DP-HTCONE 16 | DP-HTCREZOUND 17 | DP-HTCDROIDINC 18 | DP-MOTDROID2 19 | DP-MOTDROID3 20 | DP-MOTDROIDRAZ 21 | DP-SAMSGALAX 22 | DP-SAMSGALAX3 23 | DP-SAMSGALAX4 24 | DP-SAMSGALAXTAB 25 | BT-HS-BEATSWIRELESS 26 | BT-HS-PLANT-M25 27 | 
BT-HS-PLANT-VOYLEGEND 28 | BT-HS-JAWB-ICONTHD 29 | BT-HS-JABRA-WAVE 30 | BT-HS-SAMS-HM1300 31 | BT-SP-JAWB-JAMBOX 32 | BT-SP-JAWB-JAMBOXBIG 33 | BT-SP-BOSESNDLNK2 34 | BT-KB-LOGITECH 35 | BT-MO-MOT-BTMOUSE 36 | BT-CK-JABRA-FREEWAY 37 | BT-CK-D-ROADSTER2 38 | BA-MOPHIE-JUICEPACKPLUS 39 | BA-MOPHIE-JUICEPACKAIR 40 | BA-NOK-LUMIA 41 | BA-HTC-REZOUND 42 | BA-SAMS-STELLAR 43 | MC-SANDISK-MICROSD4GB 44 | MC-SANDISK-MICROSD8GB 45 | MC-SANDISK-MICROSD16GB 46 | MC-SANDISK-MICROSD32GB 47 | MC-SANDISK-MICROSD64GB 48 | MC-SANDISK-READER 49 | MC-INTUIT-CCREADER 50 | MC-SQUARE-CCREADER 51 | CH-APPLE-5W 52 | CH-APPLE-10W 53 | CH-APPLE-12W 54 | CH-APPLE-5WL 55 | CH-APPLE-10WL 56 | CH-APPLE-12WL 57 | CH-MOT-MICROUSB 58 | CH-RIM-MICROUSB 59 | CH-SAMS-MICROUSB 60 | CH-NOK-INDUCTIVE 61 | HS-APPLE-EARBUDS 62 | HS-KLIPSCH-IMAGEONE 63 | HS-SENNH-CX870 64 | HS-BOSE-MIE2I 65 | HS-SKULLC-MERGER 66 | HS-MONST-NERGY 67 | HS-PLANT-MX200 68 | MO-IBOLT-MOUNT 69 | MO-MOT-RAZRM 70 | MO-IGRIP-WINDOW 71 | MO-IGRIP-VENT 72 | AC-ASSTCHARMS 73 | AC-BLING 74 | AC-SIERRA-HOTSPOT3G 75 | AC-SIERRA-HOTSPOT4G 76 | AC-MOTO-HOTSPOT3G 77 | AC-MOTO-HOTSPOT4G 78 | AC-SAMS-NETEXTEND 79 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/test1/shoppingactions.sample: -------------------------------------------------------------------------------- 1 | purchase 2 | addtocart 3 | remove 4 | view 5 | changequantity 6 | -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/test1/webhosts.sample: -------------------------------------------------------------------------------- 1 | 10.2.1.33 2 | 10.2.1.34 3 | 10.2.1.35 -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/windbag/eventgen.conf.windbag: -------------------------------------------------------------------------------- 1 | [windbag] 2 | generator = windbag 3 | interval = 3 4 | count = 5 5 | end 
= 3 6 | outputMode = stdout 7 | 8 | token.0.token = \d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2} 9 | token.0.replacementType = replaytimestamp 10 | token.0.replacement = %Y-%m-%d %H:%M:%S -------------------------------------------------------------------------------- /tests/sample_eventgen_conf/windbag/eventgen.conf.windbag.end: -------------------------------------------------------------------------------- 1 | [windbag] 2 | generator = windbag 3 | earliest = -3s 4 | latest = now 5 | interval = -1 6 | count = 5 7 | end = 5 8 | outputMode = stdout 9 | 10 | [windbag2] 11 | generator = windbag 12 | earliest = -3s 13 | backfill = 1m 14 | latest = now 15 | interval = 3 16 | count = 5 17 | end = 5 18 | outputMode = stdout 19 | -------------------------------------------------------------------------------- /tests/sample_jinja_addon.zip: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/tests/sample_jinja_addon.zip -------------------------------------------------------------------------------- /tests/small/test_main.py: --------------------------------------------------------------------------------
#!/usr/bin/env python3

import os
import sys

from mock import MagicMock

from splunk_eventgen.__main__ import gather_env_vars

# NOTE(review): these entries are added after the splunk_eventgen import above
# has already run, so they cannot affect how that import resolves. They are
# inserted at index 0, so the directories take priority over installed
# packages for any later import; with this file under tests/small/, three
# levels up appears to be the directory that contains the checkout - confirm
# that this is intended.
FILE_DIR = os.path.dirname(os.path.realpath(__file__))
sys.path.insert(0, os.path.join(FILE_DIR, "..", "..", ".."))
sys.path.insert(0, os.path.join(FILE_DIR, "..", "..", "..", "splunk_eventgen"))


def test_gather_env_vars():
    """Check that gather_env_vars maps the parsed CLI attributes to env-var keys."""
    cli_args = MagicMock()
    cli_args.redis_host = "127.0.0.1"
    cli_args.redis_port = "6379"
    cli_args.web_server_port = "9500"

    expected_env = {
        "REDIS_HOST": "127.0.0.1",
        "REDIS_PORT": "6379",
        "WEB_SERVER_PORT": "9500",
    }
    # Exact equality: for these arguments the result must hold these three
    # keys and nothing else.
    assert gather_env_vars(cli_args) == expected_env

--------------------------------------------------------------------------------
-------------------------------------------------------------------------------- /tests/test-reports/.placeholder: -------------------------------------------------------------------------------- https://raw.githubusercontent.com/splunk/eventgen/52542a6565ab75d7f1ad7debbdf75cfa9b79d226/tests/test-reports/.placeholder -------------------------------------------------------------------------------- /tests/unit/conftest.py: --------------------------------------------------------------------------------
from os import path as op

import pytest

from splunk_eventgen.lib.eventgenconfig import Config


@pytest.fixture
def eventgen_config():
    """Provide a factory that builds a ``Config`` from a named test config file.

    The returned callable accepts an optional ``configfile`` name. A name that
    is not ``None`` is joined onto the ``sample_eventgen_conf/unit`` directory
    located one level above this file's directory; ``None`` is handed to
    ``Config`` unchanged.
    """
    # Base directory of the unit-test configs, relative to this conftest.
    conf_root = op.join(
        op.dirname(op.dirname(__file__)),
        "sample_eventgen_conf",
        "unit",
    )

    def _build_config(configfile=None):
        resolved = configfile if configfile is None else op.join(conf_root, configfile)
        return Config(configfile=resolved)

    return _build_config

--------------------------------------------------------------------------------