Deployment Architecture
Highlighted

Powershell script output ingestion

Contributor

I have deployed an app via our deployment server. The app includes a batch file that runs the following command:

powershell -Command "& {Get-WmiObject -Class Win32_Product | Select-Object -Property Name | format-Table -HideTableHeaders}" 

I've included the following inputs.conf in the deployment app:

[script://$SPLUNK_HOME\etc\apps\SoftwareList\bin\SW.bat]
disabled = 0
interval = 86400

The script executes with an output listing something like the following:

C:\Windows\system32>powershell -Command "& {Get-WmiObject -Class Win32_Product | Select-Object -Property Name | format-Table -HideTableHeaders}"  
Microsoft DCF MUI (English) 2013                                               
Microsoft Office Professional Plus 2013                                        
Microsoft OneNote MUI (English) 2013      

I want to ingest each output line of the file. But my script is ingesting everything not line by line of the powershell output. Also, I'd ideally like to ignore the command string. Can anyone point me in the right direction?

Thanks!

0 Karma
Highlighted

Re: Powershell script output ingestion

Communicator

Have you looked at using the PowerShell TA? https://splunkbase.splunk.com/app/1477/

When you use a batch file as a wrapper Splunk will write all the batch outputs to standard out. You can try putting @echo off on the top of the batch file but I'm not certain that will help.

Highlighted

Re: Powershell script output ingestion

Motivator

This is the best way to go. Don't use a batch wrapper. Read the read me, there are some tips for output.

0 Karma