EventLog by Powershell

New Member

How can I get the event log from a CIFS EMC using PowerShell?
When I use something like the below, Splunk always indexes only the last event.

[powershell://EventLog]
script = Get-EventLog -LogName Security -ComputerName FS03-C
schedule = 0/5 *  * ? * *
sourcetype = WinEventLog:Security

Can you help me? It's driving me crazy.
I started with Splunk yesterday.

0 Karma

Motivator

Gathering event logs via WMI is probably your most efficient option. You mentioned in a comment above that this is not an option, but perhaps that's worth digging deeper (need more details).

Regarding your PowerShell input, realize that you can't just put any command into here. Read the docs included with the PowerShell Add-on app (direct link to the right file in GitHub). I don't know what the input string error refers to, but it could be related to some fields in the data that don't work in the add-on. Run the command through Select-Object and only include the fields that you need. Also, you'll want to put a filter on there so it's not grabbing 1000s of event log items every time (unless that's what you want). If you just run Get-EventLog by itself, you may be getting the same data multiple times.

Another tip: check out the MS Exchange app, it's probably got the most examples of use of the PowerShell add-on.
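
An added example, not part of the original thread or the add-on's own code, of the Select-Object and filter advice in the answer above: a script that emits only Security events newer than the previous run, so each run neither misses nor repeats records. The checkpoint path and the parameter names are assumptions, and it assumes FS03-C answers remote Get-EventLog calls at all.

```powershell
# Added example. Emits only Security events not seen by the previous run,
# restricted to a fixed field list, then records a checkpoint.
param(
    [string]$ComputerName    = 'FS03-C',      # host name from the question
    [string]$LogName         = 'Security',
    [string]$CheckpointFile  = 'C:\ProgramData\EventLogCheckpoint\FS03-C-Security.txt',  # hypothetical path
    [int]   $FirstRunMinutes = 5              # look-back when no checkpoint exists yet
)

# Properties of the EventLogEntry objects to keep; the rest is dropped.
$Fields = 'Index', 'TimeGenerated', 'EntryType', 'Source', 'InstanceId',
          'MachineName', 'UserName', 'Message'

# Checkpoint = record number (Index) and TimeGenerated ticks of the last event emitted.
$lastIndex = [long]0
$lastTime  = (Get-Date).AddMinutes(-$FirstRunMinutes)
if (Test-Path -LiteralPath $CheckpointFile) {
    $saved     = @(Get-Content -LiteralPath $CheckpointFile)
    $lastIndex = [long]$saved[0]
    $lastTime  = New-Object -TypeName System.DateTime -ArgumentList ([long]$saved[1])
}

# -After limits the query to recent events. The one-second overlap catches events
# sharing the checkpoint's timestamp; the Index test then removes the repeats.
# Get-EventLog reports an error when nothing matches, hence SilentlyContinue
# (which also hides connection failures, so monitor for silent runs).
# Assumption: Index only increases (the log was not cleared between runs).
$events = @(
    Get-EventLog -LogName $LogName -ComputerName $ComputerName `
                 -After $lastTime.AddSeconds(-1) -ErrorAction SilentlyContinue |
        Where-Object { $_.Index -gt $lastIndex } |
        Sort-Object -Property Index
)

# One object per event on the output stream.
$events | Select-Object -Property $Fields

# Advance the checkpoint only after the events were written out.
if ($events.Count -gt 0) {
    $dir = Split-Path -Parent $CheckpointFile
    if (-not (Test-Path -LiteralPath $dir)) {
        New-Item -ItemType Directory -Path $dir -Force | Out-Null
    }
    $last = $events[-1]
    Set-Content -LiteralPath $CheckpointFile -Value @($last.Index, $last.TimeGenerated.Ticks)
}
```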

New Member

Log from Splunk.
Info 2014-02-04T20:16:57.3136715Z Modular PowerShell Initialized Successfully: 2 Jobs Loaded
Error 2014-02-04T20:16:58.7021071Z PowerShell Exception: Input string was not in a correct format.
Error 2014-02-04T20:16:59.1545187Z PowerShell Exception: Input string was not in a correct format.
Error 2014-02-04T20:16:59.5913299Z PowerShell Exception: Input string was not in a correct format.

0 Karma

New Member

I can't use WMI, because EMC VNX 5300 on CIFS servers is unsupported.

0 Karma
