Datagen
Synopsis
Generates synthetic log traffic and emits it to a target host and port using the selected protocol. Intended for pipeline testing, target connectivity validation, and load characterization in development and staging environments. Not for production data ingestion.
This device is an outbound traffic generator. Misconfiguration (e.g., very high count with very low interval) can saturate a downstream target. Resource bounds are applied automatically and out-of-range values are clamped with a log message.
Schema
- id: <numeric>
  name: <string>
  description: <string>
  type: datagen
  tags: <string[]>
  pipelines: <pipeline[]>
  status: <boolean>
  properties:
    protocol: <string>
    address: <string>
    port: <numeric>
    file_path: <string>
    message: <string>
    severity: <string>
    count: <numeric>
    interval: <numeric>
    duration: <numeric>
    now: <boolean>
Configuration
Device
| Field | Required | Default | Description |
|---|---|---|---|
| id | Y | - | Unique numeric identifier |
| name | Y | - | Device name |
| description | N | - | Optional description |
| type | Y | - | Must be datagen |
| tags | N | - | Optional tags |
| pipelines | N | - | Optional pre-processor pipelines |
| status | N | true | Enable/disable the device |
Transport
| Field | Required | Default | Description |
|---|---|---|---|
| protocol | N | "syslog" | Transport protocol. One of syslog (UDP), syslog-udp, syslog-tcp, tcp, udp, http, netflow |
| address | N | "127.0.0.1" | Destination host (IPv4, IPv6, or hostname) |
| port | N | 514 | Destination port (range 1-65535) |
Payload
| Field | Required | Default | Description |
|---|---|---|---|
| message | N | - | Inline message body emitted on each cycle (max 64 KB; longer values are truncated and logged) |
| file_path | N | - | Path to a file containing one or more messages to emit. Must resolve under the service data directory (absolute paths and symlinks pointing outside are rejected). When set, takes precedence over message |
| severity | N | "Error" | Syslog severity label applied to generated messages |
Generation
| Field | Required | Default | Description |
|---|---|---|---|
| count | N | 1000 | Number of messages to emit per cycle (clamped to 1-1000000) |
| interval | N | 1 | Seconds between emission cycles (minimum 1) |
| duration | N | 300 | Total run duration in seconds before the device stops emitting (clamped to 1-86400) |
| now | N | true | When true, start emitting immediately on enable; when false, wait for the next minute boundary before starting |
Details
Resource Bounds
Out-of-range values for count, interval, and duration are clamped to safe bounds rather than rejected, so a misconfigured device still starts. Each clamp emits an Information-level debug log line of the form datagen "count" clamped from 5000000 to 1000000 for device <name>, providing a grep-able signal that operator-provided values were adjusted.
File Path Sandboxing
The file_path value is confined to the service data directory. Relative paths are resolved against that directory; absolute paths must already point inside it. Symlinks are resolved before the prefix check, so a link inside the data directory pointing to an external location (e.g., /etc/hostname) is rejected.
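The resolve-then-check order described above can be sketched as follows. This is an added example, not the product's own code: the function name `resolve_in_data_dir`, the error text, and the temporary directory layout are assumptions constructed for illustration.

```python
import os
import tempfile


def resolve_in_data_dir(data_dir: str, file_path: str) -> str:
    """Return the real path of file_path, or raise ValueError if it escapes data_dir."""
    root = os.path.realpath(data_dir)
    # Relative paths resolve against the data directory; os.path.join
    # returns file_path unchanged when it is already absolute.
    candidate = os.path.join(root, file_path)
    # Resolve symlinks and ".." BEFORE the containment check.
    real = os.path.realpath(candidate)
    # commonpath compares whole components, so /srv/data-old is not under /srv/data.
    if real == root or os.path.commonpath([root, real]) != root:
        raise ValueError(f"file_path {file_path!r} is not a file under the data directory")
    return real


def demo() -> dict:
    """Constructed sandbox: one real file inside, one symlink pointing outside."""
    results = {}
    with tempfile.TemporaryDirectory() as tmp:
        data = os.path.join(tmp, "data")
        outside = os.path.join(tmp, "outside.log")
        os.mkdir(data)
        for p in (os.path.join(data, "sample.log"), outside):
            with open(p, "w") as fh:
                fh.write("constructed test message\n")
        os.symlink(outside, os.path.join(data, "link.log"))
        cases = {
            "relative": "sample.log",
            "absolute_inside": os.path.join(data, "sample.log"),
            "symlink_out": "link.log",
            "dotdot": "../outside.log",
            "absolute_outside": outside,
            "sibling_prefix": data + "-old/x.log",
        }
        for label, path in cases.items():
            try:
                resolve_in_data_dir(data, path)
                results[label] = "accepted"
            except ValueError:
                results[label] = "rejected"
    return results


if __name__ == "__main__":
    print(demo())
```

Open the returned path rather than the original string, so the file that is read is the one that passed the check.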
Protocol Aliases
syslog is the historical name for UDP transport and is equivalent to syslog-udp. The explicit syslog-udp and syslog-tcp aliases are provided so the udp/tcp pair is symmetric and operators are not misled into guessing.
Examples
Basic Syslog Generator
Emitting 1000 syslog UDP messages per second to a local target...
TCP with Custom Severity
Generating TCP-delivered messages at warning severity to a remote target...
File-Sourced Messages
Replaying messages from a file under the service data directory...
High-Volume Load Test
Saturating a target for load characterization (5 min duration cap)...
Delayed Start
Aligning emission to the next minute boundary instead of starting immediately...