Dev
Fake Log Entry Generator
Building a log parser, wiring a Kibana dashboard, or validating alerting rules all require realistic log data before production traffic exists. A fake log entry generator produces up to 50 authentic log lines per run in four formats, with configurable level mixes for different test scenarios. The `format` input controls line structure. JSON produces one object per line with timestamp, level, service, host, message, ip, duration_ms, and request_id — compatible with Elasticsearch's _bulk API. 'Combined (Apache/Nginx)' follows the Combined Log Format exactly. Syslog follows RFC 3164. 'Application (plaintext)' produces ISO timestamp, level, service, and message. The `level` input filters severity: 'All levels' gives a weighted mix, 'Errors only' generates ERROR and FATAL for alert threshold testing, 'Warnings and Errors' adds WARN, and 'Info and Debug' simulates healthy traffic.
How to use
- Choose your options above
- Click Generate
- Copy your result
Detailed instructions
- Set the Number of Lines field to how many log entries you need, from a few lines up to several hundred.
- Select your target Log Format from the dropdown: JSON for structured ingestion, Apache/Nginx for web server simulation, Syslog for RFC 3164 compatibility, or plain text.
- Choose a Log Level Mix that matches your test scenario: all levels for realistic traffic, errors only for alert testing, or info/debug for baseline ingestion checks.
- Click Generate and review the output entries in the results panel below the controls.
- Copy the output directly into your log parser, paste into a file for Promtail or Filebeat to pick up, or use the Elasticsearch _bulk API to index the JSON entries.
Use Cases
- •Stress-testing Logstash grok patterns against Apache combined format before pushing to production
- •Seeding a Kibana index with 200 JSON log entries to build and validate dashboard visualizations
- •Triggering Grafana or PagerDuty alert rules by generating an 'Errors only' spike of 100+ entries
- •Validating Splunk field extractions across all four supported log formats in a single session
- •Creating realistic Syslog RFC 3164 payloads to test rsyslog or syslog-ng ingestion pipelines
Tips
- →Generate Apache format logs when testing Nginx ingestion rules, since the field order and quoting conventions are identical and stress the same parser paths.
- →Save several batches with different level mixes to a single file to create a realistic log sequence with quiet periods followed by an error burst.
- →When testing Kibana visualizations, generate at least 100 JSON entries so your charts have enough data points to render aggregations meaningfully.
- →Combine JSON output from multiple generator runs with different service names edited in to simulate a multi-service architecture in your observability stack.
- →For Loki LogQL testing, generate plain text format and label the file with a fake job and instance in your Promtail config to exercise label-based filtering.
- →Use 'Errors only' mode to generate the exact volume of failures needed to cross an alert threshold, making it easy to verify your notification channels fire correctly.
FAQ
how do I generate fake json logs for elasticsearch or opensearch testing
Select 'JSON' as the format, set your line count, and click Generate. Each line is a compact JSON object with timestamp, level, service, host, message, ip, duration_ms, and request_id. To bulk-index into Elasticsearch, prepend each line with an action header: {"index":{"_index":"test-logs"}} on its own line, then the document line. The newline-delimited output is also directly usable with Datadog log intake and OpenSearch's _bulk endpoint.
can I use errors-only mode to test alert thresholds in grafana or pagerduty
Yes. Set 'Log Level Mix' to 'Errors only' and every output line will carry an ERROR or FATAL level — no INFO or WARN noise to dilute the signal. Pipe the batch into your alerting tool and confirm that firing thresholds, silence rules, and escalation policies behave exactly as expected without waiting for real failures.
what is the difference between syslog and json format for log testing
Syslog output follows RFC 3164 notation with a hostname, process name, PID, and message body — compatible with rsyslog, syslog-ng, and most SIEM ingestors that expect traditional syslog streams. JSON output uses structured key-value fields that Filebeat, Fluentd, and Logstash parse without a custom grok pattern, making it the faster path for modern observability stacks that ingest structured logs natively.
does the apache/nginx combined format output work with real grok patterns
Yes. The output follows the Combined Log Format exactly: IP, bracketed timestamp in dd/Mon/yyyy:HH:MM:SS +offset format, quoted request line with method, path, and HTTP version, status code, and byte count. A standard Logstash COMBINEDAPACHELOG grok pattern or an Nginx-specific pattern will parse the generated output without modification.
You might also like
Popular tools from other categories that share themes with this one.
Try these next
More free tools from other corners of the catalog, picked by shared themes.