All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Why am I getting FormatException error when running a script?

loganmc10
New Member
‎12-04-2014 12:14 PM

I am trying to run the following script (I have tried as a .ps1, and putting it directly in inputs.conf)

Get-WmiObject -class win32_service | Select-Object Name,Status,PathName,StartMode,DisplayName,StartName,Started,State

I get this error:

PowerShell FormatException in Stanza powershell2://Service-Info: Index (zero based) must be greater than or equal to zero and less than the size of the argument list.

This is inputs.conf

[powershell2://Service-Info]
script = . "$SplunkHome\etc\apps\SA-ModularInput-PowerShell\bin\Service_Info.ps1"
schedule = 0 */10 * ? * *
sourcetype = Windows:Services

I have other scripts that run fine, this is the only one throwing this error

0 Karma
Reply

jbennett_splunk
Splunk Employee
Splunk Employee
‎12-05-2014 03:50 PM

What version of the addon? (current is 1.2.0, you can check in the splunk UI or in it's default/app.conf)

What version of Windows? (are you running PowerShell2 because you don't have anything newer?)

The only way I can replicate your problem is with the debug build of our PowerShell2 host (not sure how you would have gotten that, but it would certainly be a mistake). If you can run PowerShell 3 or higher, you can switch the stanza to [powershell://Service-Info] and the problem should go away 😉

As far as the possibility that you have debug bits, are you also getting output like any of these lines?

Modular PowerShell Initialized Successfully: 1 Jobs Loaded
Scheduler Started. Scheduling 1 Jobs
Scheduled 1 Jobs Successfully
Execute Stanza: powershell2://Service-Info

You could check if you have the debug build by just running it in a console window. If you run it and it outputs "PowerShell2" then it has the debug bit set, and I'm pretty sure you should just re-download from apps. (Note: After you run it, you'll have to kill it with Ctrl+C, because otherwise it's sitting there waiting for input from splunk).

0 Karma
Reply

loganmc10
New Member
‎12-08-2014 07:12 AM

We are running version 1.2.0
They are Windows 2008 R2 machines, I tried the Powershell stanza and it didn't work (gave all kinds of errors), so I assume the machines don't have Version 3. I did a "$psversiontable.psversion" as suggested in the docs, and it came back with Version 2.

Below is the full output from powershell2.log

Debug 2014-12-04T17:52:41.4701424Z PowerShell2 --scheme
Debug 2014-12-04T17:52:43.4053359Z PowerShell2 
Info 2014-12-04T17:52:43.8583812Z Modular PowerShell Initialized Successfully: 7 Jobs Loaded
Debug 2014-12-04T17:52:44.2864240Z Scheduler Started. Scheduling 7 Jobs
Debug 2014-12-04T17:52:44.4104364Z Scheduled 7 Jobs Successfully
Debug 2014-12-04T18:00:00.4590369Z Execute Stanza: powershell2://Service-Info
Error 2014-12-04T18:00:01.3511261Z PowerShell FormatException in Stanza powershell2://Service-Info: Index (zero based) must be greater than or equal to zero and less than the size of the argument list.
0 Karma
Reply
Get Updates on the Splunk Community!

Updated Data Type Articles, Anniversary Celebrations, and More on Splunk Lantern

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

A Prelude to .conf25: Your Guide to Splunk University

Heading to Boston this September for .conf25? Get a jumpstart by arriving a few days early for Splunk ...

4 Ways the Splunk Community Helps You Prepare for .conf25

.conf25 is right around the corner, and whether you’re a first-time attendee or a seasoned Splunker, the ...
Top