Hopefully you caught our Splunk Developer Spring 2020 Update in May, if you haven’t yet what are you waiting for? It introduces many updates from Splunk, including Splunk’s latest simulation tool — SimData.
SimData is the best way to simulate correlated data sets for your Splunk apps. Here, we’ll cover the basics, and we’ve provided some helpful links at the bottom of this post for more details. We’ve got your back.
Great…but what can “correlated data sets” do for me? Well, I’m glad you asked. SimData allows you to build, test, and demo your Splunk app without ever accessing production data. In fact, our own technical marketing teams use SimData to demo complex scenarios - like an entire Splunk ITSI environment. Yes, microservices and all!
SimData might be a bit different from other tools you’ve heard of. Instead of replaying data, which has its own use cases, SimData models real world scenarios through its Domain-Specific Language (DSL). SimData modeling is done in a few easy steps:
- Define the entities in your simulation. To model a simple web application, you might have 3 entities: users, web servers, and databases.
- Define the interactions between entities. For example, users make web requests, which then contact databases. Then, the interactions reverse back to the user.
- Create the event types for your simulation. Based on the data you want SimData to output, you can define the event types using a string template. It’s easier than regular expressions! For example, you could define user HTTP requests, Apache logs, and transaction logs for the databases.
- Configure where to send your simulated data. Splunk HEC is the most popular SimData transport, however it also supports output to a file or standard out.
This is a simple SimData DSL which defines a Greeter entity, which emits a "Hello, World!" greeting every five seconds.
SimData also allows you to create different scenes for a simulation with a JSON configuration file, called a scene, that can dramatically alter the way SimData runs a given simulation. In a scene file, you configure how many entities are in the simulation, where the simulated data goes, and set up a Simulation control UI. That’s right, SimData comes with its very own controls for modifying an already running simulation. The control UI lets you change the simulation in real time while the data is being generated, you don't have to code these changes in advance. For example, in an e-commerce website simulation you could simulate a heavy user load on a web server or the database disk failure.
This is a simple SimData scene which configures the simulation to have a single Greeter entity, the default simulation clock settings, and to print events to stdout by using "Text" as the default transport.
This is the control UI for the app management simulation, which models Database, User, and WebServer bots. This simulation DSL and scene can be found on the SimData examples repo on GitHub.
So What’s New?
- Support for array values
- Get, Set, and Time functions
- Mockdata selection modes
- ForEach loops
- Modulus operator (%)
- Updating to the latest version of Splunk UI
- Checkbox support for boolean variables
- Various bug fixes
These additional resources will help you continue your SimData journey:
- SimData docs on the Splunk Developer Portal
- Sign up for .conf20 notifications, we’ll have a SimData talk this year
- The official SimData tutorial on the Splunk Developer Portal
- Download SimData
- SimData examples on GitHub
- .conf17 talk recording - Fake Data for Real Apps
We hope you learned something in this post, don’t forget to share it with a friend who is or might want to be a Splunk developer. There’s more SimData awesomeness coming soon, stay tuned!