Getting Data In

How to list forward-server in PowerShell?

srinivasup
Explorer

I'm trying to list all forwarders by using list forward-server command in PowerShell, but not able to execute this command.

Could you please let me know which module needs to be imported into the script to use list forward-server command?

Thanks in advance

jkat54
SplunkTrust
SplunkTrust

Splunk.exe spits out some weird stuff thats hard to wrap up. Its actually easier to get the list from the api or to use the splunk powershell sdk.

https://answers.splunk.com/answers/400602/how-to-create-a-powershell-script-to-list-forwarde.html#an...

add-type @"
using System.Net; using System.Security.Cryptography.X509Certificates; public class TrustAllCertsPolicy : ICertificatePolicy { public bool CheckValidationResult( ServicePoint srvPoint, X509Certificate certificate, WebRequest request, int certificateProblem) { return true; } } 
"@ 

[System.Net.ServicePointManager]::CertificatePolicy = New-Object TrustAllCertsPolicy 
$user = "admin" 
$pass = convertto-securestring -AsPlainText -Force -String 'admin' #your password here 
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$pass 
$request = Invoke-WebRequest -uri https://localhost:8089/services/data/outputs/tcp/default -credential $cred 
$request.Content 
$request = Invoke-WebRequest -uri https://localhost:8089/services/data/outputs/tcp/group -credential $cred 
$request.Content 
$request = Invoke-WebRequest -uri https://localhost:8089/services/data/outputs/tcp/server -credential $cred 
$request.Content
$request = Invoke-WebRequest -uri https://localhost:8089/services/data/outputs/tcp/allconnections -credential $cred 
$request.Content
0 Karma

srinivasup
Explorer

Hi,

This is not executing.. Im looking for powershell script which will return list of forwarders

Is there any module available to use splunk list forward-server command in power shell script

0 Karma

jkat54
SplunkTrust
SplunkTrust

http://dev.splunk.com/view/splunk-powershell-resource-kit/SP-CAAADRU

See the link here for powershell modules. I reformatted my powershell code above so it will copy and paste better. Please try it again if you like, or use the powershell resource kit from splunk.

0 Karma

jkat54
SplunkTrust
SplunkTrust

Taking it a step further using invoke-restmethod:

$user = "admin" 
$pass = convertto-securestring -AsPlainText -Force -String 'admin' #your password here 
$cred = new-object -typename System.Management.Automation.PSCredential -argumentlist $user,$pass 
$request = Invoke-RestMethod -uri https://localhost:8089/services/data/outputs/tcp/server -credential $cred 
$request.title
0 Karma

somesoni2
Revered Legend

Find any powershell doc which tells you how to run an executable/command (splunk.exe list forwarder-server).

http://social.technet.microsoft.com/wiki/contents/articles/7703.powershell-running-executables.aspx

0 Karma

srinivasup
Explorer

Thanks for the response

but this is not working

I tried as below

c:\ProgramFiles\SplunkUniversalForwarder\bin\splunk.exe list forward-server

its throwing an error message.

Pelase advice on this

0 Karma

somesoni2
Revered Legend

What is the error message you get? this command requires authentication as well, you would have to run like this

c:\ProgramFiles\SplunkUniversalForwarder\bin\splunk.exe list forward-server -auth username:password
0 Karma

TonyLeeVT
Builder

Thanks somesoni2:

c:\ProgramFiles\SplunkUniversalForwarder\bin\splunk.exe list forward-server -auth username:password

Worked for me for supplying creds, however I am not using powershell to call this... instead I am using winexe from Linux.

0 Karma

srinivasup
Explorer

This is working fine from the PS terminal but I just used list forward-server command in ps script ..its not working

$ServerName = get-content "c:\serverlist.txt"

foreach ($Server in $ServerName) {

   if (test-Connection -ComputerName $Server -Count 2 -Quiet -cred $cred) {

          write-Output "$Server is up."



          $rv = Invoke-Command -ScriptBlock {

                 $splunk = ' C:\Program Files\splunkUniversalforwarder\bin\splunk.exe'

                 & $splunk list forward-server



    } -Computername $Server

    Write-Output $rv



   } else {

          Write-Warning "$Server not responding"

   }  

}

0 Karma

somesoni2
Revered Legend

What error you get?

0 Karma
Get Updates on the Splunk Community!

What's New in Splunk Enterprise 9.4: Features to Power Your Digital Resilience

Hey Splunky People! We are excited to share the latest updates in Splunk Enterprise 9.4. In this release we ...

Take Your Breath Away with Splunk Risk-Based Alerting (RBA)

WATCH NOW!The Splunk Guide to Risk-Based Alerting is here to empower your SOC like never before. Join Haylee ...

SignalFlow: What? Why? How?

What is SignalFlow? Splunk Observability Cloud’s analytics engine, SignalFlow, opens up a world of in-depth ...