How to test powershell scripts with Splunk environment

azun4i
Observer

Hi,

I am trying to create an add-on that runs a PowerShell script to perform some actions. Since I don't want to hardcode a path, I would like to access $SPLUNK_HOME within my PowerShell script.

AFAIK $SPLUNK_HOME gets set as an environment variable upon script start, so I'm using (get-item env:\SPLUNK_HOME).value

Is there a way to "test run" my scripts with a Splunk environment set?

0 Karma

azun4i
Observer

Hi @gcusello,

Yeah, that link is known to me, but it does not address my question of whether it is possible to test a script by running it with Splunk context.

For the path issue, I'm well aware of the possibilities of e.g. $PSScriptRoot and then adjusting the path.

0 Karma

gcusello
SplunkTrust

Hi @azun4i,

Yes, you can manage a PowerShell script as a scripted input, as described in the above document.

In a few words, you have to:

  • put the script in the bin folder of an app,
  • create a stanza in inputs.conf to run the script with the frequency you want.

Usually Splunk is used to run a script that's already tested, but you could also use Splunk in testing.

About the use of system variables, I'm not sure, the only way is to test it.

Ciao.

Giuseppe

0 Karma

azun4i
Observer

I seem to have found an answer to my question:

Test Scripts using Splunk CMD
To see the output of a script as if it was run by the Splunk system, use the following:

Mac:
/Applications/Splunk/bin/splunk cmd python /Applications/Splunk/etc/apps/<your app>/bin/<your script>

Windows:
"C:\Program Files\Splunk\bin\splunk.exe" cmd "C:\Program Files\Splunk\etc\apps\<your app>\bin\<your script>"

More useful command line tools to use with Splunk can be found here ->
http://docs.splunk.com/Documentation/Splunk/latest/Troubleshooting/CommandlinetoolsforusewithSupport

Taken from: http://challenges.s3.amazonaws.com/splunk/Best%20Practices%20App%20building.pdf

0 Karma
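
As an added example (not code from the thread or from Splunk), this is one way a script can read SPLUNK_HOME from the environment, refuse to run when it is missing, and keep any path it builds inside its own app directory. The function names, the app name `my_addon`, the file names, and the `powershell.exe` invocation in the closing comment are assumptions.

```powershell
$ErrorActionPreference = 'Stop'

function Resolve-SplunkHome {
    # Read SPLUNK_HOME from the process environment; fail instead of guessing a path.
    param([string]$Value = $env:SPLUNK_HOME)
    if ([string]::IsNullOrWhiteSpace($Value)) {
        throw 'SPLUNK_HOME is not set. Start the script through "splunk.exe cmd" or a Splunk input.'
    }
    if (-not (Test-Path -LiteralPath $Value -PathType Container)) {
        throw "SPLUNK_HOME does not point to an existing directory: $Value"
    }
    return (Resolve-Path -LiteralPath $Value).ProviderPath
}

function Get-AppPath {
    # Build a path below etc\apps\<AppName> and reject anything that escapes it (e.g. "..\..").
    param(
        [Parameter(Mandatory)][string]$SplunkHome,
        [Parameter(Mandatory)][string]$AppName,
        [Parameter(Mandatory)][string]$Relative
    )
    $appRoot = [IO.Path]::GetFullPath((Join-Path $SplunkHome (Join-Path 'etc\apps' $AppName)))
    $full    = [IO.Path]::GetFullPath((Join-Path $appRoot $Relative))
    $prefix  = $appRoot.TrimEnd('\') + '\'
    if (-not $full.StartsWith($prefix, [StringComparison]::OrdinalIgnoreCase)) {
        throw "Path escapes the app directory: $Relative"
    }
    return $full
}

$splunkHome   = Resolve-SplunkHome
$settingsPath = Get-AppPath -SplunkHome $splunkHome -AppName 'my_addon' -Relative 'local\settings.json'

# Emit one key=value line so the test run shows what was resolved.
Write-Output ("splunk_home=`"{0}`" settings_path=`"{1}`"" -f $splunkHome, $settingsPath)

# Test run with the Splunk environment (assumes powershell.exe is on PATH):
#   & "C:\Program Files\Splunk\bin\splunk.exe" cmd powershell.exe -NoProfile -File `
#       "C:\Program Files\Splunk\etc\apps\my_addon\bin\my_script.ps1"
# Started in a shell where SPLUNK_HOME is not set, the script stops at the first check.
```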

gcusello
SplunkTrust

Hi @azun4i,

Did you already see this document https://docs.splunk.com/Documentation/Splunk/latest/Data/MonitorWindowsdatawithPowerShellscripts ?

Anyway, to answer your question, you can use a relative path starting from the App home path.

Ciao.

Giuseppe

0 Karma