Getting Data In
×
Are you a member of the Splunk Community?
Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
- Find Answers
- :
- Splunk Administration
- :
- Getting Data In
- :
- How can I make the Powershell add-on script's run ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark Topic
- Subscribe to Topic
- Mute Topic
- Printer Friendly Page
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
How can I make the Powershell add-on script's run on a schedule?
eduardKiyko
Explorer
04-24-2018
06:18 AM
I have an add-on that I'm deploying on Windows systems. inputs.conf looks like this:
[powershell://Processes-EX1]
script = . "C:\Program Files\SplunkUniversalForwarder\etc\apps\Powershell_add_on\bin\Get-Policies.ps1
schedule = 0 * * *
sourcetype = WindowsPowershell
index = test
disabled = 0
I want this to run at every minute 0, every hour.
But It runs only once when I start Universal Forwarder. Then, when I restart forwarder, it runs again and only once. When forwarder is working for 2 or more hours(script should run at least 2 times) just nothing happens.
How can I make scripts run on schedule?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
MuS
Legend
06-24-2018
01:44 PM
Hi eduardKiyko,
looking at your schedule = 0 * * * entry it looks like your are missing one additional * . Therefore this is not a valid cron schedule and Splunk uses the default option for schedule. From the docs https://docs.splunk.com/Documentation/Splunk/latest/Admin/Inputsconf
schedule = [<number>|<cron schedule>]
* How often to run the specified PowerShell command or script.
* You can specify a number in seconds, or provide a valid cron
schedule.
* Defaults to running the command or script once, at startup.
Find more details on valid cron notation here https://en.wikipedia.org/wiki/Cron#Overview
Hope this helps ...
cheers, MuS
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
kamal_jagga
Contributor
06-24-2018
01:15 PM
In the inputs.conf make the following entry to run it every 30 mins (30*60). default is 5 mins.
interval = 1800
https://docs.splunk.com/Documentation/Splunk/7.1.1/Admin/Inputsconf
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Kendo213
Communicator
05-04-2018
05:16 PM
I'm encountering the same issue. Did you find a resolution?
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
paulathome
Path Finder
05-04-2018
05:26 PM
Nope, not yet. Using Task Scheduler for now... (It's only on one machine.)
- Mark as New
- Bookmark Message
- Subscribe to Message
- Mute Message
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Kendo213
Communicator
05-04-2018
05:35 PM
I'm having a similar issue. Basically I've configured it to run every 5 minutes (splunkd doesn't say it's an invalid cron), however it only runs once at start. Sometimes it will run once at start, and then 5 minutes later (so I know the cron is correct) but then never again. If I do it the old way (i.e. cmd and invoking powershell) it works fine.
Get Updates on the Splunk Community!
What You Read The Most: Splunk Lantern’s Most Popular Articles!
Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...
Announcing the General Availability of Splunk Enterprise Security 8.1!
We are pleased to announce the general availability of Splunk Enterprise Security 8.1. Splunk becomes the only ...
Developer Spotlight with William Searle
The Splunk Guy: A Developer’s Path from Web to Cloud
William is a Splunk Professional Services Consultant with ...
