All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How to create a PowerShell script to list forwarder status, then restart the service if the listing failed?

ginger8990
Explorer
‎05-10-2016 08:07 PM

I want to find a script to list splunk forwarder status the restart the service if the listing failed.

$serverlist =
"C:\serverlist.txt"
Get-Content $serverlist |
foreach($comp in
$serverlist){Invoke-Command
-ComputerName $_ -FilePath "C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe"
-ArgumentList splunk list forward-server}
Or
$sstat = Get-Service -Name splunkd
#Checks for Service Status
#Restarts Splunk Service if it's running, or starts if it is stopped
if ($sstat.status -eq "running"){
    write-output "Restarting Splunk"
    restart-service splunkd
    }
elseif ($sstat.status -eq "stopped"){
    start-service splunkd
    write-output "Splunk is starting"
    }
0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-26-2016 05:51 AM 
$user = "admin" 
$pass = convertto-securestring -AsPlainText -Force -String 'admin' #your password here 
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$pass 
$request = Invoke-RestMethod -uri https://localhost:8089/services/data/outputs/tcp/server -credential $cred 
$request.title
0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-16-2016 03:56 AM

Example 1:

$pinfo = New-Object System.Diagnostics.ProcessStartInfo
$pinfo.FileName = 'C:\Program Files\SplunkUniversalForwarder\bin\splunk.exe'
$pinfo.RedirectStandardError = $true
$pinfo.RedirectStandardOutput = $true
$pinfo.UseShellExecute = $false
$pinfo.Arguments = "list forward-server"
$p = New-Object System.Diagnostics.Process
$p.StartInfo = $pinfo
$p.Start() | Out-Null
$p.WaitForExit()
$stdout = $p.StandardOutput.ReadToEnd()
$stderr = $p.StandardError.ReadToEnd()
Write-Host "stdout: $stdout"
Write-Host "stderr: $stderr"
Write-Host "exit code: " + $p.ExitCode

Example 2:
`add-type @"
using System.Net;
using System.Security.Cryptography.X509Certificates;
public class TrustAllCertsPolicy : ICertificatePolicy {
public bool CheckValidationResult(
ServicePoint srvPoint, X509Certificate certificate,
WebRequest request, int certificateProblem) {
return true;
}
}
"@
[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy

$user = "admin"
$pass = convertto-securestring -AsPlainText -Force -String 'admin' #your password here
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$pass
$request = Invoke-WebRequest -uri https://localhost:8089/services/data/outputs/tcp/default -credential $cred
$request.Content
$request = Invoke-WebRequest -uri https://localhost:8089/services/data/outputs/tcp/group -credential $cred 
$request.Content
$request = Invoke-WebRequest -uri https://localhost:8089/services/data/outputs/tcp/server -credential $cred 
$request.Content
$request = Invoke-WebRequest -uri https://localhost:8089/services/data/outputs/tcp/allconnections -credential $cred 
$request.Content`

Example 3:
http://dev.splunk.com/view/splunk-powershell-resource-kit/SP-CAAADRU

0 Karma
Reply

ginger8990
Explorer
‎05-15-2016 08:47 PM

your answer is not splunk powershell related.

What you are talking about is prerequisite of using powershell...........how to you use powershell without prerequisite?

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-15-2016 05:36 PM

Seriously... This is a loaded question. Have you ever done powershell remoting? Will you enable WinRM or use WMI? Do you know what each entails? Are you paying for the development and subsequent deployment? Or do you just expect someone to spend the next month here explaining it to you? It's hard enough to enable WinRM and double hop code execution in your own environment; let alone explain it to someone else...

Reply

jkat54
SplunkTrust
SplunkTrust
‎05-15-2016 05:43 PM

I share code here all the time but I don't have it in me to go into the intracacies of remote code execution in a windows environment. I'll do better by you letting you figure it out yourself anyways. I think I gave enough hints by now. Best of luck.

0 Karma
Reply

ginger8990
Explorer
‎05-12-2016 08:29 AM

Splunk community is not good as spicework community, no one ever reply the Q&A.

Let me put this way: Splunk commands can support powershell? Such as splunk list forward-server is not recognized in Powershell.

0 Karma
Reply

jkat54
SplunkTrust
SplunkTrust
‎05-17-2016 07:24 PM

Hey spice works guy... I have answer and you no reply for more than 1 day. Wassup?

0 Karma
Reply

piebob
Splunk Employee
Splunk Employee
‎05-15-2016 04:02 PM

I downvoted this post because http://lmgtfy.com/?q=splunk+powershell

Reply
Career Survey
First 500 qualified respondents will receive a $20 gift card! Tell us about your professional Splunk journey.
Take the Survey

Can’t make it to .conf25? Join us online!

Watch Global Broadcast
Get Updates on the Splunk Community!

Can’t Make It to Boston? Stream .conf25 and Learn with Haya Husain

Boston may be buzzing this September with Splunk University and .conf25, but you don’t have to pack a bag to ...

Splunk Lantern’s Guide to The Most Popular .conf25 Sessions

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Unlock What’s Next: The Splunk Cloud Platform at .conf25

In just a few days, Boston will be buzzing as the Splunk team and thousands of community members come together ...
li.common.scroll-to.top