@metasyn
Last active July 29, 2016 16:56
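#!/usr/bin/env bash
# DGEN Setup Script
# Xander - July 28 2016
# This is made for OSX. You can change the wget location if you want to download a linux binary.
# You will need git (and wget) installed on your machine for you to clone the eventgen repo.
#################################
# What does this script do?
# Read for yourself :)
# 1.) Download splunk
# 2.) Download eventgen
# 3.) Create samples
# 4.) Create an eventgen.conf
# 5.) Create a new input & index (dgen)
# 6.) Start a splunk instance
##################################
# Instructions to run
# 1.) Change to a directory you'd like to install Splunk in.
# - make sure you have rights to this directory
# 2.) Run this script like so:
# bash ./rao.sh
# 3.) Type in admin & changeme when prompted for username and password
# 4.) When it's done, check index=dgen to see whats up.
#
# Optional environment variable:
#   SPLUNK_SHA256 - the SHA-256 published on the splunk.com download page for
#                   this tarball (e.g. <SPLUNK_SHA256_PLACEHOLDER>). When set,
#                   the download is verified before anything from it is run.
####################################
# Stop on the first failed command, unset variable or broken pipeline instead
# of carrying on and starting a half-installed Splunk.
set -euo pipefail

#######################################
# Print an error to stderr and exit 1.
# Arguments: message words
#######################################
die() {
  printf 'rao.sh: %s\n' "$*" >&2
  exit 1
}

# Present working directory. Kept in our own variable: PWD is a shell-maintained
# special variable and should not be reassigned.
install_dir=$(pwd)
readonly install_dir

readonly splunk_tgz='splunk-6.4.2-00f5bb3fa822-darwin-64.tgz'
readonly splunk_url='https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86&platform=macos&version=6.4.2&product=splunk&filename=splunk-6.4.2-00f5bb3fa822-darwin-64.tgz&wget=true'
readonly app_dir='./splunk/etc/apps/dgen'

command -v wget >/dev/null || die 'wget is required (brew install wget)'
command -v git >/dev/null || die 'git is required'

# Download splunk
wget -O "$splunk_tgz" "$splunk_url" || die "download of $splunk_tgz failed"
# Check the tarball against the published checksum before unpacking it, when
# the caller provided one. shasum ships with OSX; on linux use sha256sum.
if [[ -n "${SPLUNK_SHA256:-}" ]]; then
  printf '%s  %s\n' "$SPLUNK_SHA256" "$splunk_tgz" | shasum -a 256 -c \
    || die "checksum mismatch for $splunk_tgz - refusing to install it"
fi
tar xvf "$splunk_tgz" || die "could not unpack $splunk_tgz"

# Start splunk
./splunk/bin/splunk start --accept-license || die 'splunk start failed'
# You will need to type admin, then changeme.
# Default user name and password.
# Create app
./splunk/bin/splunk create app dgen || die 'could not create the dgen app'
./splunk/bin/splunk stop

# Make the app directories we write into (-p: fine if splunk already made them) #omg
mkdir -p "$app_dir/samples" "$app_dir/local" "$app_dir/default"

# Senor Durvasula has provided us with the sample #1
# (the s3 row now has a comma after order=s3 like every other row)
cat > "$app_dir/samples/weekday.sample" <<'SAMPLE'
05/31/2013 10:42:48, order=s1, price=7.50, from=walk-in
05/31/2013 11:42:49, order=s2, price=6.95, from=fax
05/31/2013 11:43:25, order=s3, price=7.25, from=web
05/31/2013 11:43:29, order=s4, price=5.75, from=phone
05/31/2013 11:43:33, order=s5, price=6.75, from=walk-in
05/31/2013 11:44:25, order=s2, price=6.95, from=web
05/31/2013 11:44:36, order=s3, price=7.25, from=web
05/31/2013 20:00:00, order=s1, price=7.50, from=walk-in
SAMPLE

# Senor Durvasula has provided us with the sample #2
cat > "$app_dir/samples/weekend.sample" <<'SAMPLE'
05/31/2013 11:00:48, order=p1, price=45, from=fax, coupon=yes, drivers=3
05/31/2013 11:42:49, order=p2, price=67, from=fax, coupon=no, drivers=2
05/31/2013 11:43:25, order=p3, price=53, from=web, coupon=yes, drivers=2
05/31/2013 11:43:29, order=p4, price=74, from=phone, coupon=no, drivers=1
05/31/2013 11:43:33, order=p5, price=80, from=phone, coupon=yes, drivers=3
05/31/2013 11:44:25, order=p2, price=67, from=web, coupon=yes, drivers=3
05/31/2013 11:44:36, order=p3, price=53, from=web, coupon=no, drivers=3
05/31/2013 19:00:00, order=p1, price=45, from=phone, coupon=yes, drivers=3
SAMPLE

# Begin the eventgen.conf (quoted heredoc: nothing inside is expanded, so the
# regexes and the "$" in the conf land in the file exactly as written here)
cat > "$app_dir/local/eventgen.conf" <<'EVENTGEN_CONF'
####################
## RAOS ITSI DGEN ##
####################
# Rao is a master of style and grace
# Chris V as handsome as anyone could be
# Made w/love by Xander @metasyn
###############################
### WEEKDAY SAMPLE SETTINGS ###
###############################
# this stanza is the name of the file we made
[weekday.sample]
# interval: how often do we want to create an event
# latest: when is the latest event
# count: how many draws do we take from the sample file per interval
interval = 1
latest = now
count = 1
# Variance of count
randomizeCount = 0.33
# Were sending to stdout because its a scripted input
outputMode = stdout
####################################
#### WEEKEDAY TOKEN REPLACEMENT ####
####################################
# Zero represents sunday
# The zeros mean we dont make data on those days
# We set "0 "and "6" to 0 for weekdays only
dayOfWeekRate = {"0": 0, "1": 1, "2": 1, "3": 1, "4": 1, "5": 1, "6": 0}
# You have to love the regex
# Here we are replacing the time token
token.0.token = \d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}
token.0.replacementType = timestamp
token.0.replacement = %m/%d/%Y %H:%M:%S
# this token replaces order number
# guid values are cool! its all the rage these days.
token.1.token = order.s(\d)
token.1.replacementType = rated
token.1.replacement = guid
# this token replaces the price
# Lets choose 3 to 20 because why not!
# <-(hashtag) life is short
token.2.token = price.(\d+\.\d\d)
token.2.replacementType = rated
token.2.replacement = float[3.00:20.00]
# this token replaces the from field
# life is full of joy
token.3.token = from.([\w-]+)
token.3.replacementType = rated
token.3.replacement = list["fax", "web", "phone", "walk-in"]
###############################
### WEEKEND SAMPLE SETTINGS ###
###############################
[weekend.sample]
# interval: how often do we want to create an event
# latest: when is the latest event
# count: how many draws do we take from the sample file per interval
interval = 1
latest = now
count = 1
# Variance of count
randomizeCount = 0.33
# Were sending to stdout because its a scripted input
outputMode = stdout
####################################
#### WEEKEND TOKEN REPLACEMENT #####
####################################
# Zero represents sunday
# The zero values mean we dont make data on those days
# We set "0" and "6" to 1 to have a weekend only series.
dayOfWeekRate = {"0": 1, "1": 0, "2": 0, "3": 0, "4": 0, "5": 0, "6": 1}
# You have to love the regex
# Here we are replacing the time token
token.0.token = \d{2}/\d{2}/\d{4} \d{2}:\d{2}:\d{2}
token.0.replacementType = timestamp
token.0.replacement = %m/%d/%Y %H:%M:%S
# this token replaces order number
# guid values are cool! its all the rage these days.
token.1.token = order.p(\d)
token.1.replacementType = rated
token.1.replacement = guid
# this token replaces the price
# Lets choose 40 to 90, because Rao !
token.2.token = price.(\d+)
token.2.replacementType = rated
token.2.replacement = integer[40:90]
# this token replaces the from field
# life is full of joy
token.3.token = from.([\w-]+)
token.3.replacementType = rated
token.3.replacement = list["fax", "web", "phone"]
# this token replaces the coupon field
# who dont love a coupon !?
token.4.token = coupon.(\w+)
token.4.replacementType = rated
token.4.replacement = list["yes","no"]
# this token replaces the drivers field
# driving can be hard work
token.5.token = drivers.(\d+)
token.5.replacementType = rated
token.5.replacement = integer[1:4]
EVENTGEN_CONF

# steal bins & lib from github
# clone it ! - over https, since whatever comes back gets executed as a
# scripted input. TODO: pin a release with --branch <tag> once you pick one.
git clone https://github.com/splunk/eventgen.git || die 'git clone of eventgen failed'
# copy it !
cp -r ./eventgen/bin "$app_dir/"
# steal it !
cp -r ./eventgen/lib "$app_dir/"
# steal MORE !
cp ./eventgen/default/eventgen.conf "$app_dir/default/eventgen.conf"
# kill it ! (literal relative path, so the -rf cannot wander elsewhere)
rm -rf -- ./eventgen
# Ok. We're feeling pretty good at this point. Life is good.

################################
#### SPLUNK INPUT CREATION #####
################################
# Create an input (unquoted heredoc: $install_dir is expanded here)
cat > "$app_dir/local/inputs.conf" <<INPUTS
[monitor://$install_dir/dgen.log]
disabled = false
host = dgen_stream
index = dgen
sourcetype = dgen
INPUTS

# Create an index ($SPLUNK_DB is for splunk to expand, not us)
cat > "$app_dir/local/indexes.conf" <<'INDEXES'
[dgen]
coldPath = $SPLUNK_DB/dgen/colddb
enableDataIntegrityControl = 0
enableTsidxReduction = 0
homePath = $SPLUNK_DB/dgen/db
maxTotalDataSizeMB = 512000
thawedPath = $SPLUNK_DB/dgen/thaweddb
INDEXES

##########################
#### SCRIPT CREATION #####
##########################
# This is the script that the user will call
# To actually kick off the data generator
# and append the output to the file we are monitoring.
# The log path is quoted inside the generated script so a space in the
# install directory does not break it.
cat > "$app_dir/bin/dgen.sh" <<DGEN
#!/bin/bash
python -u ./eventgen.py ../local/eventgen.conf >> "$install_dir/dgen.log"
DGEN
chmod +x "$app_dir/bin/dgen.sh"

# Start data generator (from the bin dir, as dgen.sh uses relative paths;
# it keeps running in the background after this script has finished)
cd "$app_dir/bin" || die "cannot cd to $app_dir/bin"
/bin/bash dgen.sh &
# Back to where we started (instead of counting ../ segments)
cd "$install_dir" || die "cannot cd back to $install_dir"

# Start splunk !
./splunk/bin/splunk start || die 'splunk start failed'
printf '%s\n' "#########################################################################"
printf '%s\n' "We're done ! ^___^ Go to splunk now @ localhost:8000 and search index=dgen"
printf '%s\n' ""
printf '%s\n' "The truth is not always beautiful, nor beautiful words the truth. - Lao Tsu"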