According to the documentation you should be formatting your output differently when using in conjunction with modular input and powershell app.
http://docs.splunk.com/Documentation/AddOns/latest/MSPowerShell/Writescriptsforthemodularinput#Outpu...
Important: The modular input currently requires that any PowerShell scripts it executes produce output objects that do not have any script properties. Pipe output through | Select-Object * to ensure proper formatting.
$Directories = @("c:\test","c:\windows")
$now = $(get-date).ToString()
foreach ($item in $Directories){
$directoryInfo = $(Get-ChildItem $item -ErrorAction silentlycontinue| Measure-Object).Count
$howManyDirectories = $(Get-ChildItem $item -ErrorAction silentlycontinue | where {$_.PSIsContainer} | Measure-Object).Count
$howManyFiles = $(Get-ChildItem c:\ -ErrorAction silentlycontinue | where {$_.mode -notlike "d*"} | Measure-Object).Count
if(!(Test-Path -Path $item )){
write-output( $now + " no directory " + $item) | Select-Object *
}
elseif($directoryInfo -eq $directoryInfo){
write-output($now + " " +$item + $onlyDirectory) | Select-Object *
#I really dont understand this elseif and it's purpose I have dir with one sub dir and it always gets stuck here.
}
else {
$date = (Get-Date).AddHours(-4)
write-output $((get-childitem $item | where-object {$_.LastWriteTime -lt $date -and !$_.PSIsContainer}| foreach-object { Write-Output $now " File: " $_.FullName " LastWriteTime: " $_.LastWriteTime | Select-Object *}))
}
}
You'll note I scratched your echos and same error handling variables you had and I dont understand the elseif. I think its meant to be if the directory is empty. I made you variables in your foreach equal to numbers instead of arrays with numbers attached which simplifies their usage later. Biggest point to get across here is the usage of the |select-object *
