Getting Data In

Is there a way to run a PowerShell script locally from Splunk?

SplunkIsLife
Explorer

I'm trying to hit an API with a PowerShell command through Splunk without needing to ingest the logs on a regular cadence (and setting up a VM to forward the logs, etc). Is there a way to do this with a command similar to the |jira command?

JDukeSplunk
Builder

I don't see why not.

We have some powershell scripts that we just kick off by way of a batch file. So get a working batch file that runs your powershell the way you would expect, then put the batch file in Splunk at whatever interval/sourcetype you like in Settings>>Data inputs>>Scripts.

Or maybe under Settings>>Data inputs>>Powershell v3 Modular Input.

0 Karma

SplunkIsLife
Explorer

Wouldn't this ingest it though? I'm trying to not ingest logs at a regular cadence, just call an API and read logs in on a one-off basis without having them live on an indexer.

0 Karma

JDukeSplunk
Builder

Maybe, maybe not. If your powershell/batch executes and writes out to a text/log file but does not echo it to console then Splunk will ingest the command, and the output of the command. @echo off?

Something like...

DATE C:\Somefolder\somefile.bat
DATE C:\Somefolder\somefile.ps1

and that should be it.

You can then tell the file monitor portion of Splunk to read the output file log if you so choose.
If the scripts output verbosely to the console then Splunk will probably pick that up.

I've not done Windows batch in a while or powershell scripting much at all, but I think you would want your file to do the Linux equivalent of >/dev/null if you don't want Splunk to pick up the actual script output.

0 Karma
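A scripted-input style PowerShell script along the lines JDukeSplunk describes, added here as an example rather than taken from the thread: it calls an API, writes the result to a file for the file monitor, and sends nothing to the console so the scripted input itself produces no events. The API URL, the output path and the API_TOKEN environment variable are assumptions.

```powershell
# Added example (not from the thread): a scripted-input-friendly PowerShell
# script that calls an API and writes the result to a file, sending nothing to
# stdout so Splunk's scripted input ingests no events from the run itself.
# Assumed/placeholder values: the API URL, the output path and the token variable.
#
# Windows equivalent of the ">/dev/null" mentioned above, from the batch file
# Splunk runs under Settings>>Data inputs>>Scripts:
#   powershell.exe -NoProfile -NonInteractive -ExecutionPolicy Bypass -File C:\Somefolder\somefile.ps1 > NUL 2>&1

$ApiUrl  = 'https://api.example.internal/v1/events'   # placeholder endpoint
$OutFile = 'C:\Somefolder\api_output.log'             # placeholder output path
$Token   = $env:API_TOKEN                             # supplied by the input's environment, never hard-coded

# Make non-terminating errors terminating so the catch block sees them,
# and silence the progress stream that Invoke-RestMethod otherwise emits.
$ErrorActionPreference = 'Stop'
$ProgressPreference    = 'SilentlyContinue'

try {
    $response = Invoke-RestMethod -Uri $ApiUrl -Method Get `
        -Headers @{ Authorization = "Bearer $Token" } -TimeoutSec 30

    # One compact JSON object per line, each stamped with a timestamp, so the
    # file monitor can later parse it with a JSON-aware sourcetype if wanted.
    $lines = foreach ($item in @($response)) {
        [pscustomobject]@{
            time   = (Get-Date).ToString('o')
            source = $ApiUrl
            data   = $item
        } | ConvertTo-Json -Compress -Depth 10
    }
    $lines | Out-File -FilePath $OutFile -Encoding utf8 -Append
}
catch {
    # Record failures in the same file rather than on the console, so a broken
    # call still leaves evidence without becoming a stray event on the indexer.
    "$((Get-Date).ToString('o')) ERROR $($_.Exception.Message)" |
        Out-File -FilePath $OutFile -Encoding utf8 -Append
}

# Nothing reaches the pipeline/stdout: Out-File and the assignments above
# consume all output, so the scripted input sees an empty run.
```

If you later decide you do want the data searchable, point a file monitor input at $OutFile as the thread suggests; until then it stays on disk and off the indexer.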