<?xml version="1.0" encoding="UTF-8"?>
<rss xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:rdf="http://www.w3.org/1999/02/22-rdf-syntax-ns#" xmlns:taxo="http://purl.org/rss/1.0/modules/taxonomy/" version="2.0">
  <channel>
    <title>topic Re: SA-ModularInput-PowerShell problem. in Getting Data In</title>
    <link>https://community.splunk.com/t5/Getting-Data-In/SA-ModularInput-PowerShell-problem/m-p/180756#M36249</link>
    <description>&lt;P&gt;I've restarted the host and now it is working... so... yeah.. that... &lt;span class="lia-unicode-emoji" title=":winking_face:"&gt;😉&lt;/span&gt;&lt;/P&gt;</description>
    <pubDate>Thu, 29 May 2014 12:35:11 GMT</pubDate>
    <dc:creator>mic1024</dc:creator>
    <dc:date>2014-05-29T12:35:11Z</dc:date>
    <item>
      <title>SA-ModularInput-PowerShell problem.</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/SA-ModularInput-PowerShell-problem/m-p/180755#M36248</link>
      <description>&lt;P&gt;hi,&lt;BR /&gt;
Im trying to use this app (as per tutorial from &lt;A href="http://blogs.splunk.com/2013/06/24/monitoring-processes-on-windows/"&gt;http://blogs.splunk.com/2013/06/24/monitoring-processes-on-windows/&lt;/A&gt;) however I'm running into a problem as per below:&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;05-28-2014 11:39:28.235 +0100 ERROR ModularInputs - Introspecting scheme=powershell: script running failed (exited with code 255).
05-28-2014 11:39:28.235 +0100 ERROR ModularInputs - Unable to initialize modular input "powershell"  defined inside the app "SA-ModularInput-PowerShell": Introspecting scheme=powershell: script running failed (exited with code 255).
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;My inputs.conf under C:\Program Files\SplunkUniversalForwarder\etc\apps\SA-ModularInput-PowerShell\local&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;[powershell://Processes]
script = Get-WmiObject -class win32_process | Add-Member -MemberType ScriptProperty -PassThru -Name Username -Value { $ud = $this.GetOwner();  $user=$ud.Domain+"\"+$ud.User;  if ($user -eq "\") { "SYSTEM" } else { $user } }|select ProcessId, Name, Username, Priority, ReadOperationCount, WriteOperationCount, CreationDate, Handle, VirtualSize, WorkingSetSize, UserModeTime, ThreadCount
schedule = 0,15,30,45 * * ? * *
source = PowerShell
sourcetype = PowerShell:Process
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;I've checked execution prolicy:&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;PS C:\Users\ireutildev&amp;gt; get-executionpolicy
RemoteSigned
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;version:&lt;/P&gt;

&lt;PRE&gt;&lt;CODE&gt;c:\Program Files\SplunkUniversalForwarder\bin&amp;gt;splunk version
Splunk Universal Forwarder 6.1.1 (build 207789)
&lt;/CODE&gt;&lt;/PRE&gt;

&lt;P&gt;Any ideas?&lt;BR /&gt;
Thanks,&lt;BR /&gt;
mic.&lt;/P&gt;</description>
      <pubDate>Wed, 28 May 2014 11:07:06 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/SA-ModularInput-PowerShell-problem/m-p/180755#M36248</guid>
      <dc:creator>mic1024</dc:creator>
      <dc:date>2014-05-28T11:07:06Z</dc:date>
    </item>
    <item>
      <title>Re: SA-ModularInput-PowerShell problem.</title>
      <link>https://community.splunk.com/t5/Getting-Data-In/SA-ModularInput-PowerShell-problem/m-p/180756#M36249</link>
      <description>&lt;P&gt;I've restarted the host and now it is working... so... yeah.. that... &lt;span class="lia-unicode-emoji" title=":winking_face:"&gt;😉&lt;/span&gt;&lt;/P&gt;</description>
      <pubDate>Thu, 29 May 2014 12:35:11 GMT</pubDate>
      <guid>https://community.splunk.com/t5/Getting-Data-In/SA-ModularInput-PowerShell-problem/m-p/180756#M36249</guid>
      <dc:creator>mic1024</dc:creator>
      <dc:date>2014-05-29T12:35:11Z</dc:date>
    </item>
  </channel>
</rss>

