There seems to be confusion about what the Powershell inputs require from a schedule perspective. The quartz requirement seems to stem from the old Add-on for Powershell that is out on Splunk base.

http://www.cronmaker.com/ creates quartz based expressions, however if you use those expressions, splunkd.log will report it as invalid. For example, they say to use 0 0/5 * * * ? to trigger every 5 minutes. That results in the error below when restarting the forwarder:

05-05-2018 09:32:25.199 -0500 ERROR ExecProcessor - message from ""C:\Program Files\SplunkUniversalForwarder\bin\splunk-powershell.exe"" splunk-powershell - Powershell::InitPowershell: Stanza checkdnsext. Invalid cron schedule:

0/5 * * * *

Also, please refer back to my original post. Splunk forums was stripping out a part of my cron schedule.

Hey, you're right, I missed that part.
I've to admit I don't know why there's a Powershell add-on when Powershell support is already built-in.
The built-in seems to use the 5 positions, so, yeah, yours should work (and also, it seems to work, if not reliable.
You could try setting schedule = 300 to run it every 300 seconds, also the execution time wouldn't be aligned to :*5 and :*0. Also, you could try to search index=_internal host=yourhost ExecProcessor to see when the ExecProcesor schedules your input and for what time/schedule - maybe you can see any strange behavior in those logs.

Do you have any logs in your systems that show ExecProcessor scheduling powershell inputs? I only see logs for the input if the cron is invalid, otherwise it doesn't mention that it has scheduled anything.

Yeah this is all very confusing, and the documentation you find isn't clear, and contradictory in some spots. I'll give those a shot, I didn't know about that _internal search. Thanks for the responses

It seems to strip out the 6th position in the Cron for a [powershell://test] stanza.