Inconsistent PowerShell Script behaviour

afx

Hi,
I am trying to get input from a PowerShell script.
It drives me up the wall. I already have other PS scripts running just fine, so this really puzzles me.
I have 3 heavy forwarders on Splunk 8.0.2.1 and 18 universal forwarders on Splunk 7.2.4.
When using this inputs.conf setting:

[powershell://df]
script = Get-WmiObject Win32_LogicalDisk | Select-Object DeviceID,Size,FreeSpace | findstr.exe  '[0-9]$'
index = os_monitoring
schedule=*/5 * * * *
source=df-win
sourcetype=os:monitoring:diskspace
disabled = 0

I get only input on 3 UF hosts and 2 HF hosts.
One of the HF hosts delivers the following in the _audit log, but no output.

05-04-2020 16:35:00.0014151+2 INFO enqueue job for stanza=df
05-04-2020 16:35:00.0014151+2 INFO Start executing script=Get-WmiObject Win32_LogicalDisk | Select-Object DeviceID,Size,FreeSpace | findstr.exe  '[0-9]$' for stanza=df
05-04-2020 16:35:00.0170289+2 INFO End of executing script=Get-WmiObject Win32_LogicalDisk | Select-Object DeviceID,Size,FreeSpace | findstr.exe  '[0-9]$' for stanza=df, execution_time=0.0156138 seconds

The other boxes do not deliver anything in terms of output or errors, I just see that the app is deployed.

When switching to a real script like in the following

script = . "$SplunkHome\etc\apps\FA-windows-diskspace\bin\scripts\df.ps1"

I again get the same result. The majority of systems do not deliver output and I see no errors in the _* indices.

I am a bit lost.
I would expect all machines to fail or none, but not this inconsistent behaviour.

Any ideas?

thx
afx


afx

Ok,
to answer my own question...
On some systems doing a findstr "[0-9]$" worked, on some not. Some Windows/PS silliness I guess.
But that also begs the question, why does Splunk not tell me that the script has been executed in general?

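Added example, not code from the original posts or from any Splunk app: a df.ps1 body that does the row filtering in PowerShell itself instead of piping Select-Object's formatted table through findstr.exe. The findstr approach depends on how the host renders the table (column layout, console width, locale decimal separators) and on how the quotes in '[0-9]$' survive the PowerShell-to-findstr hand-off, which is exactly the kind of thing that differs between otherwise identical boxes. Building each line explicitly removes that dependency. Assumptions: PowerShell 3.0 or later for Get-CimInstance; the function name Get-DiskSpaceLines, the field names and the heartbeat line are my own choices, not Splunk conventions.

```powershell
# Added example (not from the original thread). One line per fixed disk,
# built explicitly so the output is byte-for-byte the same on every host.
# Assumes PowerShell 3.0+ (Get-CimInstance). Function and field names are mine.

function Get-DiskSpaceLines {
    param(
        # Hypothetical parameter: Win32_LogicalDisk.DriveType 3 = local fixed disk
        [int[]]$DriveType = @(3)
    )
    $inv = [Globalization.CultureInfo]::InvariantCulture
    $now = [DateTime]::UtcNow.ToString("o", $inv)

    # Heartbeat: always emit at least one event, so "no data" in Splunk
    # means "script did not run" rather than "every line was filtered out".
    [string]::Format($inv, "{0} host={1} diskspace_check=ok",
        $now, $env:COMPUTERNAME)

    Get-CimInstance -ClassName Win32_LogicalDisk |
        Where-Object { $DriveType -contains $_.DriveType -and $_.Size } |
        ForEach-Object {
            $sizeMB = [math]::Round($_.Size / 1MB)
            $freeMB = [math]::Round($_.FreeSpace / 1MB)
            $pct    = [math]::Round(100.0 * $_.FreeSpace / $_.Size, 1)
            # key=value pairs are picked up by Splunk's automatic field extraction,
            # so no props.conf/transforms.conf is needed for this sourcetype.
            # InvariantCulture keeps "." as the decimal separator on every locale.
            [string]::Format($inv,
                "{0} host={1} device={2} size_mb={3} free_mb={4} free_pct={5}",
                $now, $env:COMPUTERNAME, $_.DeviceID, $sizeMB, $freeMB, $pct)
        }
}

Get-DiskSpaceLines
```

Save this as the df.ps1 that the second stanza in the question dot-sources (`script = . "$SplunkHome\etc\apps\FA-windows-diskspace\bin\scripts\df.ps1"`) and keep the rest of that stanza unchanged. The heartbeat line is the practical answer to the follow-up question in the thread: the `_audit` entries only say the script was started and finished, not whether it produced anything, so a search such as `index=os_monitoring diskspace_check=ok | stats latest(_time) by host` compared against the forwarder list shows directly which hosts are running the input and which are silent.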