All Apps and Add-ons

Can't seem to get PowerShell input to run

peterfilardo
Explorer

Distributed Splunk Add-on for PowerShell 1.1 app to a few forwarders, and it doesn't seem to be running.

Here's a suspect line from splunkd.log on the forwarders:

10-22-2013 14:33:51.420 -0400 ERROR ModularInputs - Introspecting scheme=powershell: script running failed (exited with code 255).
10-22-2013 14:33:51.420 -0400 ERROR ModularInputs - Unable to initialize modular input "powershell"  defined inside the app "SA-ModularInput-PowerShell": Introspecting scheme=powershell: script running failed (exited with code 255).

Has anyone else had luck getting Splunk Add-on for PowerShell 1.1 working with 6.0?

shreyasathavale
Communicator

I am getting same error for both powershell and powershell2 ... And execution-policy is Unrestricted. Any ideas?

0 Karma

jbennett_splunk
Splunk Employee
Splunk Employee

There are two modular inputs, "PowerShell" for all the latest versions of PowerShell, and "PowerShell2" for the older PowerShell 2. If you only see this message for PowerShell, then it just means you don't have the newer versions available.

If you're running an older server like Server 2008 R2, then it has PowerShell 2 installed by default, and that's the only version available. You could upgrade PowerShell, or just use the [PowerShell2:...] stanzas for the older version of the modular input.

0 Karma

adylent
Path Finder

Be sure that the powershell has the appropriate permissions to run. On the hosts with the forwarders verify the ExecutionPolicy:

Set-ExecutionPolicy remotesigned

Then you can verify with:

Get-ExecutionPolicy

peterfilardo
Explorer

Result:
PS C:\Users\username> Get-ExecutionPolicy
RemoteSigned

Hmm, puzzling.

0 Karma
Get Updates on the Splunk Community!

Index This | I am a number, but when you add ‘G’ to me, I go away. What number am I?

March 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...

What’s New in Splunk App for PCI Compliance 5.3.1?

The Splunk App for PCI Compliance allows customers to extend the power of their existing Splunk solution with ...

Extending Observability Content to Splunk Cloud

Register to join us !   In this Extending Observability Content to Splunk Cloud Tech Talk, you'll see how to ...