How to send logs in Windows

bee — Tue, 16 Jul 2024 07:39:11 GMT

Hi,

I try to send logs my Windows server to Splunk via Powershell but I have this type of error : Cannot convert value to type System.String.

This is my code :

# Function to send log files with HEC
function Send-LogToSplunk {
param (
[string]$filePath
)

$logContent = Get-Content -Path $filePath -Raw
$fileName = [System.IO.Path]::GetFileName($filePath)
$fileDirectory = [System.IO.Path]::GetDirectoryName($filePath)

$splunkServer = "$splunkHost/services/collector/event"
$header = @{"Authorization" = "Splunk $splunkToken"}

$payload = @{
event = $logContent
host = $env:COMPUTERNAME
sourcetype = "log"
source = $filePath
} | ConvertTo-Json

#Write-Host "Log Content $logContent";
#Write-Host "Payload to be sent: $payload";
Write-Host "FileDirectory $fileDirectory";

try {

$response = Invoke-RestMethod -Method Post -Uri $splunkServer -Headers $header -Body $payload

Write-Host "Log sent successfully: $fileName"
} catch {
Write-Host "Failed to send log: $filePath Code Error: '$global:errorConnectionCode'"
Write-Host "Error details: $_"
Exit $global:errorConnectionCode
}
}

Thanks in advance

Re: How to send logs in Windows

PickleRick — Tue, 16 Jul 2024 09:02:51 GMT

1. It's more of a PowerShell question than a Splunk one.

2. For simple file monitoring it's easier to use UF (or other solutions capable of writing to a HEC endpoint if you find UF "too big" or "too closed source").

3. You haven't even told us at which point this error is raised.

topic Re: How to send logs in Windows in Splunk Dev

How to send logs in Windows

Re: How to send logs in Windows