
Splunk eventgen now supports negative values

2019 February 15 - 386 words - 2 mins - patch open source

The Netherlands is a country with a lot of water. A big part of the country is even below sea level. We even have a branch of government whose only concern is water management: the water boards.

I had the opportunity to show one of the boards how their work could be more efficient, based on data. As a picture says more than 1000 words, and a demo persuades better than 100 slides, I prepared a demo in Splunk.

In this demo I want to show, among other things, actual and historical water levels on an interactive map. For this demo, I do not have access to real data, so I use eventgen to generate some fake data.

The area of the Netherlands managed by this water board is mostly below sea level. To make the demo somewhat realistic I need to generate level data with negative values. To do this I use the eventgen tool. And this is where the fun started.

In the config file of eventgen you can define a range which specifies which random values eventgen will generate, exactly what I want! But as soon as I move the range below zero, nothing is generated anymore.

I said this was turning out to be fun, right? So I dug into the eventgen sources, which is my kind of fun. It was quite easy to get a grasp on the structure of the project, and I was able to pinpoint quite fast where the issue originated.

So I created an issue and PRs #127, #246, #360 on GitHub. While looking into the problem with the negative values, I noticed a small problem with the test scripts when you run them on macOS, so I fixed that as well.

The end result is an updated version of eventgen, which now supports the generation of random negative values!

In case you are still interested, the water board was impressed, and decided to implement functions based on Splunk like the ones I showed in my demo.