All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Getting Lync data into Splunk using the PowerShell SA

Runals
Motivator
‎12-11-2014 07:22 AM

I'm not a powershell guy. The following scripts were passed to me to try to run with the PowerShell SA. They aren't working. I do know the system is running PowerShell 2 and that when you run the scripts locally they do work. I'm guessing there is something in the formatting that the SA doesn't like (maybe?). Open to any thoughts!

[powershell2://active_users]
script = Get-Counter –Counter "\LS:USrv - 13 - Endpoint Cache\USrv - 001 - Active Registered Endpoints" | Select-Object –ExpandProperty CounterSamples | Select-Object CookedValue
schedule = 0 0/1 * * * *
sourcetype = Active_Registered_Endpoints
source = Powershell

[powershell2://inbound_pstn_calls]
script = Get-Counter –Counter "\LS:MediationServer - 01 - Inbound Calls(*)\- 000 - Current" | Select-Object –ExpandProperty CounterSamples | Select-Object *
schedule = 0 0/1 * * * ?
sourcetype = Inbound_PSTN_Calls
source = Powershell
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ahall_splunk
Splunk Employee
Splunk Employee
‎12-12-2014 10:24 AM

So, first off - any reason you are not just using the perfmon counters here?

[perfmon://inbound-pstn-calls]
object = LS:MediationServer - 01 - Inbound Calls
counters = - 000 - Current
instances = *
interval = 60
sourcetype = Inbound_PSTN_Calls

Secondly, it looks like the schedule is slightly wrong. I know your first example IS wrong as it doesn't have a question mark in it. The second one has the question mark in the wrong place.

I'd honestly use perfmon here though.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

ahall_splunk
Splunk Employee
Splunk Employee
‎12-12-2014 10:24 AM

So, first off - any reason you are not just using the perfmon counters here?

[perfmon://inbound-pstn-calls]
object = LS:MediationServer - 01 - Inbound Calls
counters = - 000 - Current
instances = *
interval = 60
sourcetype = Inbound_PSTN_Calls

Secondly, it looks like the schedule is slightly wrong. I know your first example IS wrong as it doesn't have a question mark in it. The second one has the question mark in the wrong place.

I'd honestly use perfmon here though.

0 Karma
Reply
Solved! Jump to solution

Runals
Motivator
‎12-13-2014 01:25 PM

That was indeed the best way to implement this and worked like a champ! Haven't played much with these so appreciate the conversion. Wish the sourcetype line worked but /shrug.

0 Karma
Reply
Get Updates on the Splunk Community!

.conf25 Community Recap

Hello Splunkers, And just like that, .conf25 is in the books! What an incredible few days — full of learning, ...

Splunk App Developers | .conf25 Recap & What’s Next

If you stopped by the Builder Bar at .conf25 this year, thank you! The retro tech beer garden vibes were ...

Congratulations to the 2025-2026 SplunkTrust!

Hello, Splunk Community! We are beyond thrilled to announce our newest group of SplunkTrust members!  The ...