CopyCat

CopyCat is a lightweight, dependency-free Splunk add-on that generates realistic mock logs for testing AI agents, parsing rules, and data analysis workflows.

It is available on Splunkbase and as an open-source project on GitHub.

Features

  • Splunk Add-on: Automatically generates logs via scripted inputs
  • CLI Tool: Standalone Python script for manual log generation
  • Time Control: Generate historical logs with custom date ranges
  • Zero Dependencies: Uses Python standard library only and maintains compatibility with Splunk (Python 3.9)
  • Realistic Data: Includes IPs, usernames, hostnames, UUIDs, and more

Lynx AI Agent

CopyCat is particularly useful for testing the capabilities of the Lynx AI Agent:

  • Natural Language Querying: Test how the agent interprets natural language questions across different log types and data patterns
  • SPL Query Generation: Verify that the agent generates efficient, data-aware SPL queries following best practices for various log formats
  • Automated Dashboards: Generate sample data to test instant visualization creation optimized for different search results
  • Anomaly Detection: Create realistic historical and real-time data patterns to test the agent's ability to identify anomalies and critical patterns

Once CopyCat is installed and generating logs, you can interact with the Lynx AI Agent to query, analyze, and visualize the generated data just as you would with production logs.

Installation

As a Splunk Add-on

  1. Copy the copycat/ directory to $SPLUNK_HOME/etc/apps/
  2. Restart Splunk: $SPLUNK_HOME/bin/splunk restart
  3. Logs will automatically start generating every 10 seconds

As a Standalone CLI Tool

python copycat/bin/copycat.py [log_type] [options]

Examples

Generate 5 random application logs

$ uv run copycat/bin/copycat.py app --count 5
2026-01-19 10:23:45.123456 [INFO] /var/lib/app.log: System process completed.
2026-01-19 10:23:45.123456 [ERROR] /opt/config/service.py: Connection timeout invalid.
2026-01-19 10:23:45.123456 [WARN] /usr/bin/config.xml: Started found warning.
2026-01-19 10:23:45.123456 [DEBUG] /tmp/share/data.db: Process stopped successful.
2026-01-19 10:23:45.123456 [INFO] /home/log/system.conf: Updated completed.

Generate historical logs with date range

$ uv run copycat/bin/copycat.py api --count 10 --start 2026-01-01T00:00:00 --end 2026-01-31T23:59:59
2026-01-05 14:32:18.456789 POST /api/orders from 10.20.30.40 - Response: 200 - 125ms
2026-01-08 09:15:42.123456 GET /api/users from 192.168.1.100 - Response: 200 - 89ms
...
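
To use generated output for testing parsing rules, the check below is an added example, not part of CopyCat or its documentation. It parses the two line shapes shown in the sample output above and rejects lines that fail to parse or fall outside the --start/--end window. The regular expressions are inferred only from the sample lines on this page (the full formats are documented in the repository), and parse_line, check_window and SAMPLE are hypothetical names.

```python
import re
from datetime import datetime

# Patterns inferred only from the sample lines on this page (assumption).
TS = r"(?P<ts>\d{4}-\d{2}-\d{2} \d{2}:\d{2}:\d{2}\.\d{6})"
APP_RE = re.compile(TS + r" \[(?P<level>[A-Z]+)\] (?P<path>/\S+): (?P<message>.+)$")
API_RE = re.compile(
    TS + r" (?P<method>[A-Z]+) (?P<uri>/\S*) from (?P<src_ip>\d{1,3}(?:\.\d{1,3}){3})"
    r" - Response: (?P<status>\d{3}) - (?P<latency_ms>\d+)ms$"
)


def parse_line(line):
    """Return (log_type, fields) for a recognised line, or None."""
    for log_type, pattern in (("api", API_RE), ("app", APP_RE)):
        m = pattern.match(line.strip())
        if not m:
            continue
        fields = m.groupdict()
        try:
            fields["ts"] = datetime.strptime(fields["ts"], "%Y-%m-%d %H:%M:%S.%f")
        except ValueError:  # digits matched the pattern but are not a real date
            return None
        if log_type == "api":
            fields.update(status=int(fields["status"]), latency_ms=int(fields["latency_ms"]))
        return log_type, fields
    return None


def check_window(lines, start, end):
    """Return (parsed, rejected); rejected = unparsable or outside [start, end]."""
    lo, hi = datetime.fromisoformat(start), datetime.fromisoformat(end)
    parsed, rejected = [], []
    for line in lines:
        result = parse_line(line)
        if result is None or not lo <= result[1]["ts"] <= hi:
            rejected.append(line)
        else:
            parsed.append(result)
    return parsed, rejected


# Constructed input: two lines copied from the page, two made up to be rejected.
SAMPLE = [
    "2026-01-05 14:32:18.456789 POST /api/orders from 10.20.30.40 - Response: 200 - 125ms",
    "2026-01-19 10:23:45.123456 [ERROR] /opt/config/service.py: Connection timeout invalid.",
    "2026-02-02 00:00:01.000000 GET /api/users from 192.168.1.100 - Response: 200 - 89ms",
    "truncated line with no timestamp",
]

parsed, rejected = check_window(SAMPLE, "2026-01-01T00:00:00", "2026-01-31T23:59:59")
```

The end bound is compared inclusively at second precision, so a line stamped in the final second of the window with non-zero microseconds is rejected; pass an end value with microseconds if that matters for the test.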

Note

For detailed information about log formats and additional examples, see the CopyCat GitHub repository.

Contributing

Contributions are welcome! If you encounter any bugs or have suggestions for improvements, please open an issue in the issue tracker.

License

This open-source project is available under the MIT License. Feel free to use, modify, and distribute it under the terms of the license.