read stochastic -source 'logs'

Generate simulated streams of logs as event points from a variety of sources, emitting live or historic points using a configurable error rate.`

read stochastic -source 'logs' source-params read-params

Source parameters

Parameter Description Required?
-logType One of:
syslog
A UNIX syslog generator with configurable error rate (-errp below)
git
A stream of commit and merge messages with a configurable ratio (-mergep below)
osx
A Mac OSX system log
pix
A Cisco router log
 No; defaults to syslog
-lpm The average number of syslog lines per minute per host No; defaults to 60
-nhosts The number of hosts to simulate No; the default is 1
-pops A list of Point of Presence (PoP) names to use with -nhosts

Host names are generated by assigning numbers to PoPs in a round-robin fashion, such as pop1.1, pop2.2, pop1.3, pop1.4, and so on.

No
-host_names A list of host names to use, in which case -nhosts is ignored and the number of hosts equals the number of specified host names No; when nhosts is more than 1, and -host_names is omitted, host names are randomly generated
-errp The syslog error percentage at peak demand No; defaults to 0.02
-mergep The probability that a git commit message is a merge commit No; defaults to 0.10

Read parameters

Parameter Description Required?
-from Stream points whose time stamps are greater than or equal to the specified moment

See Time notation in Juttle for syntax information.

Required only if -to is not present; defaults to :now:
-to Stream points whose time stamps are less than the specified moment, which is less than or equal to :now:

See Time notation in Juttle for syntax information.

:information_source: Note:To stream live data only, omit -fromand specify -to :end: To combine historical and live data, specify a -fromvalue in the past and -to :end:

 Required if -from is not present; defaults to :now:
-last Given a duration, shorthand for -from (:now: - duration) -to :now: No
filter-expression A field comparison, where multiple terms are joined with AND, OR, or NOT

See Filtering for additional details.

No

Example: Different ways to use read stochastic -source 'logs'

read stochastic -source 'logs'
| view text

read stochastic -source 'logs' -logType "git" -mergep 0.5
| view text

read stochastic -source 'logs' -logType "syslog" -errp 0.4
| view text