Getting Data In
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question
Solved! Jump to solution

Getting data from prowershell script

aNamee
Explorer
‎11-02-2017 02:30 AM

Hello,

I am having some trouble getting data into Splunk from a powershell script.
The script is a Nagios script called "Check Windows Updates using Powershell", and returning the current status of the Windows Update software using the standard output "Write-Host".
My problem is that the script does not seem to run when intended.
I added my check_windows_updates.ps1 script via the "Add data" wizard, but it does not seem to run.
I also added an other .bat script containing the following :

@echo off
powershell check_windows_updates.ps1

But it does not seem to run either, as I do not get any data from those two scipts inputs.

Thanks in advance for your help!

EDIT: I have .Net 4.7 and Powershell 3.0 installed on my windows server

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

rjthibod
Champion
‎11-06-2017 04:38 AM

You are not correctly using the powershell script. You need to bundle the Powershell script as a scripted input/add-on, and then tell inputs.conf to invoke the powershell script.

Here are some reference links
https://answers.splunk.com/answers/334729/how-to-troubleshoot-why-my-powershell-scripted-inp.html
https://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorWindowsdatawithPowerShellscripts

Note, when I have done Powershell scripts as inputs, I have always used a .path file approach as shown in the first link. I have never used the Splunk Powershell Add-on. Just my experience.

View solution in original post

Reply
Solved! Jump to solution
Solution

rjthibod
Champion
‎11-06-2017 04:38 AM

You are not correctly using the powershell script. You need to bundle the Powershell script as a scripted input/add-on, and then tell inputs.conf to invoke the powershell script.

Here are some reference links
https://answers.splunk.com/answers/334729/how-to-troubleshoot-why-my-powershell-scripted-inp.html
https://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorWindowsdatawithPowerShellscripts

Note, when I have done Powershell scripts as inputs, I have always used a .path file approach as shown in the first link. I have never used the Splunk Powershell Add-on. Just my experience.

Reply
Solved! Jump to solution

aNamee
Explorer
‎11-06-2017 05:26 AM

Thanks for your answer!!
I solved this problem setting up my script as a Powershell 3 modular input instead of setting it as a standard input script, with Script path like . "$SplunkHome\..." , not from C:\ and with CRON formatted Schedule.
Also I changed "Write-Host" to "Write-Output" in script.

Reply
Solved! Jump to solution

aNamee
Explorer
‎11-06-2017 05:51 AM

A .path could have been good too if I wasn't on Splunk 7 but on a version 6.2 or lower, where Powershell isn't supported natively. I find it easier to configure all via GUI than by editing config files in FS.

0 Karma
Reply
Solved! Jump to solution

aNamee
Explorer
‎11-06-2017 04:25 AM

FYI, I am on Splunk 7.

0 Karma
Reply
Solved! Jump to solution

aNamee
Explorer
‎11-06-2017 01:28 AM

Did any of you ever ran a powershell script as a Splunk input?
Or has any other alternatives in order to get Windows Update's status?

EDIT : I gave a try to Splunk App for Windows, but unfortunately it does not monitor what I need. I would like to monitor the number of updates Windows has retrieved before the installation, but Splunk App for Windows only enables me to review the status of Windows' past updates

Thanks

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Modernize your Splunk Apps – Introducing Python 3.13 in Splunk

We are excited to announce that the upcoming releases of Splunk Enterprise 10.2.x and Splunk Cloud Platform ...

Step into “Hunt the Insider: An Splunk ES Premier Mystery” to catch a cybercriminal ...

After a whole week of being on call, you fell asleep on your keyboard, and you hit a sequence of buttons that ...

SplunkTrust Application Period is Officially OPEN!

It's that time, folks! The application/nomination period for the 2026-2027 SplunkTrust is officially open. If ...