Sends synthetic Splunk HEC events for the EMEA DC fabric fleet with per-site toggleable fault injection across 15 sourcetypes: ACI health/faults, Nexus 9K interface/transceiver, IOS syslog, UCS compute/faults/migration, ThousandEyes alerts/path-vis/metrics, XDR incidents/observables/endpoints/verdicts, AppDynamics status/events, and Nexus Dashboard anomalies.
pip install -r requirements.txt
python app.py
# Open http://localhost:8080- FastAPI backend with async event loop
- Per-site tokenized templates — identity tokens hydrated at startup from
sites.json - Variance tokens — replaced at send time for natural metric fluctuation
- Phased fault injection — multi-phase scenarios with configurable delays
- Mutex groups — prevents conflicting faults on the same site
| Code | Name | Country | Key Devices |
|---|---|---|---|
| OSL | Oslo | Norway | Core rtr, 3 edge switches, UCS |
| CPH | Copenhagen | Denmark | Core rtr, edge switch |
| STO | Stockholm | Sweden | Core rtr, edge switch |
| HEL | Helsinki | Finland | Core rtr, edge switch |
- ERP vPC Peer-Link Failure — 5-phase cascade: ACI interface fault → vPC collapse → UCS NIC failover → TE/AppD alerts → XDR/ND anomalies. Models the real EMEA ERP P1 incident.
- Transceiver Failure — 3-phase: optics absent → CRC error accumulation → interface down + TE alert.
- UCS Blade Failure — 3-phase: blade hardware fault → service profile migration → AppD/XDR impact.
- BGP Flap — 3-phase: BGP adjacency down → TE reachability drop → HTTP latency spike.
docker build -t dc-scenario-controller .
docker run -p 8080:8080 dc-scenario-controllerkubectl apply -f k8s-manifest.yamlSet HEC credentials via the web UI or environment variables:
HEC_URL— Splunk HEC endpointHEC_TOKEN— HEC authentication tokenHEC_INDEX— Target index (default:main)PORT— Web server port (default:8080)