Event generator

EventGen

EventGen is a quick way to build believable sample events without hand-crafting every line. Drag fields into the layout, tweak values in Create a Field, then hit Generate Sample to see how the events read. Need a starting point? The Data Source Catalog is packed with vendor templates and filters (type, era, tags) so you can spin up a realistic baseline fast. When the output looks right, download a ZIP or a Splunk app bundle wired to your chosen sourcetype, index, and field order.

Fast start

Jump in with a proven baseline instead of starting from scratch. Pull from curated fields or grab a Data Source Catalog template, then tweak the pieces that matter for your environment.

Pick a source template, vendor tag, or era filter
Drag fields into the layout and tune values fast
Export quick samples or a full Splunk app bundle

Create a field

Define a field once, then reuse it in any event layout.

Hide

Event layout

Set global options and drag to reorder fields left to right.

Field delimiter Interval range (seconds)

Drag fields here to build your event format.

Sample output

Preview the first three generated events.

Use "Generate sample" to preview events.

Event count

Splunk server OS: Linux Windows

This only affects the Splunk app download. Choose the OS of the Splunk server that will run EventGen.

Field library

Search, drag, or add fields into your event layout.

Filter fields

Vendor Type Era