TA lacking eventgen

Question

TA lacking eventgen

randolpht opened this issue 7 years ago · 3 comments

Are you guys not including eventgen in this revision of the TA?

Answer 1 · 2018-03-09T21:31:32.000Z

We removed the eventgen because its so big. At 30 MB, it seemed silly to redistribute that across every SearchHead, Indexer, and Heavy Forwarder. The eventgen comes packaged with the docker version of the app: https://hub.docker.com/r/btorresgil/splunk-panw-demo

Do you want it added back into the TA? What's the use case?

Answer 2 · 2018-03-15T02:06:31.000Z

Nope. I just have done some stuff for my internal lab with the eventgen. I will grab it from your docker version.

Thanks!

Answer 3 · 2018-03-21T16:54:11.000Z

Sounds good, thanks! Closing, but commenting is still open if there are other opinions to share on this.