Sending test events to KUMA

KUMA allows sending test events to the system. Use the option of sending test events to KUMA to test rules, reports, dashboards, and also to check the resource consumption of the collector with different event streams. Events can only be sent to a collector that receives events over TCP or HTTP.

To send test events, you need:

• The 'kuma' file started with certain options.

  In the following instructions, the file with raw events is named send_test_events.txt as an example. You can use your own file name.

• A configuration file in which you define the parameters for running the executable file.

  In the following instructions, the configuration file is named config_for_test_events as an example. You can use your own file name.

To send test events:

1. Get sample events to send to KUMA:
   1. In the KUMA web interface, in the Events section, in the upper right corner, click the icon and in the displayed window, on the Event fields columns tab, select the check box for the Raw field. The 'Raw' column is displayed in the Events window.
   2. Search for events.
   3. Export your search results: in the Events window, in the upper right corner, click and select Export TSV.
   4. Go to the KUMA Task manager section and click the Export events task; in the context menu, select Download.

      The <name of file with exported events>.tsv file is displayed in the Downloads section.

      If you are not collecting raw events, enable collection for a short time by setting the Keep raw event setting of the normalizer to Always. After the collection is completed, restore the previous value of the Keep raw event setting.

   5. Create a text file named send_test_events.txt and copy the contents of the Raw field from <name of file with exported events>.tsv to a text file named send_test_events.txt.
   6. Save send_test_events.txt.
2. Create a config_for_test_events configuration file and add the following lines to the file:

   {

   "kind": "<tcp or http>",

   "name": "-",

   "connection": {

   "name": "-",

   "kind": "<tcp or http>",

   "urls": ["<IP address of the KUMA collector for receiving events over TCP>:<port of the KUMA collector for receiving event over TCP>"]

   }

   }

   Save the config_for_test_events configuration file.

3. Ensure that network connectivity exists between the server sending events and the server on which the collector is installed.
4. To send the contents of the test event file to the KUMA collector, run the following command:

   /opt/kaspersky/kuma/kuma tools load --raw --events /home/events/send_test_events.txt --cfg home/events/config_for_test_events --limit 1500 --replay 100000

   Available settings

   Setting	Description
   --events	Full path to the file containing raw events. Required setting. If the full path is not specified, the command does not run.
   --cfg	Path to the configuration file. Required setting. If the full path is not specified, the command does not run.
   --limit	Stream to be sent to the collector, in events per second (EPS). Required setting. If no value is specified, the command does not run.
   --replay	Number of events to send. Required setting. If no value is specified, the command does not run. The step for --replay is 10000. The minimum value is 10000. --replay 16 sends 10000 events. --replay 16000 sends 20000 events.

As a result of running the command, test events are successfully sent to the KUMA collector. You can verify the arrival of test events by searching for related events in the KUMA web interface.

Page top