Getting Data In
cancel
Turn on suggestions
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

How can I make the Powershell add-on script's run on a schedule?

eduardKiyko
Explorer
‎04-24-2018 06:18 AM

I have an add-on that I'm deploying on Windows systems. inputs.conf looks like this:
[powershell://Processes-EX1]
script = . "C:\Program Files\SplunkUniversalForwarder\etc\apps\Powershell_add_on\bin\Get-Policies.ps1
schedule = 0 * * *
sourcetype = WindowsPowershell
index = test
disabled = 0
I want this to run at every minute 0, every hour.
But It runs only once when I start Universal Forwarder. Then, when I restart forwarder, it runs again and only once. When forwarder is working for 2 or more hours(script should run at least 2 times) just nothing happens.
How can I make scripts run on schedule?

Reply

MuS
Legend
‎06-24-2018 01:44 PM

Hi eduardKiyko,

looking at your schedule = 0 * * * entry it looks like your are missing one additional * . Therefore this is not a valid cron schedule and Splunk uses the default option for schedule. From the docs https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf 

schedule = [<number>|<cron schedule>]
* How often to run the specified PowerShell command or script.
* You can specify a number in seconds, or provide a valid cron
  schedule.
* Defaults to running the command or script once, at startup.

Find more details on valid cron notation here https://en.wikipedia.org/wiki/Cron#Overview

Hope this helps ...

cheers, MuS

Reply

kamal_jagga
Contributor
‎06-24-2018 01:15 PM

In the inputs.conf make the following entry to run it every 30 mins (30*60). default is 5 mins.

interval = 1800

https://docs.splunk.com/Documentation/Splunk/7.1.1/Admin/Inputsconf

0 Karma
Reply

Kendo213
Communicator
‎05-04-2018 05:16 PM

I'm encountering the same issue. Did you find a resolution?

0 Karma
Reply

paulathome
Path Finder
‎05-04-2018 05:26 PM

Nope, not yet. Using Task Scheduler for now... (It's only on one machine.)

0 Karma
Reply

Kendo213
Communicator
‎05-04-2018 05:35 PM

I'm having a similar issue. Basically I've configured it to run every 5 minutes (splunkd doesn't say it's an invalid cron), however it only runs once at start. Sometimes it will run once at start, and then 5 minutes later (so I know the cron is correct) but then never again. If I do it the old way (i.e. cmd and invoking powershell) it works fine.

0 Karma
Reply
Get Updates on the Splunk Community!

Developer Spotlight with Brett Adams

In our third Spotlight feature, we're excited to shine a light on Brett—a Splunk consultant, innovative ...

Index This | What can you do to make 55,555 equal 500?

April 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

Say goodbye to manually analyzing phishing and malware threats with Splunk Attack ...

In today’s evolving threat landscape, we understand you’re constantly bombarded with phishing and malware ...
Top