I have installed Splunk on my Windows machine and I want to give a scripted input to Splunk.
I know Splunk does provide ".bat programming". Does Splunk support "PowerShell scripting"?
If yes, then please share any document where it is clearly defined how to give "PowerShell scripting" as an input to Splunk.
Splunk will run any scripting language your operating system supports, whether it be perl, python, ruby, bat, vb, ps1 (PowerShell), etc. Your OS just needs to have an interpreter for it. So yes, it can.
Do the following; I am assuming you are building or have built a TA or an app to hold these scripts.
Create a bat script like this, called psexecut.cmd:
Powershell -command ". '%SPLUNK_HOME%\etc\apps\%MYSPLUNKAPP%\bin\powershell\%1'"
Within an inputs.conf file:
source = <ps_script_name>
sourcetype = Powershell
# in seconds
interval = 10
# your index
index = wintel
Also read Scripted inputs for more information. Also download some apps and start dissecting them to see how others have built theirs.
Hope this helps or gets you started. If this does help, don't forget to accept and vote up the answer.
Were you able to get the %SPLUNK_HOME part of the cmd file to work? When I run it that way I get this:
The module 'SPLUNK_HOME' could not be loaded. For more information, run 'Import-Module SPLUNK_HOME'
@SloshBurch, Hello. I am assuming that SPLUNK_HOME is already a SYSTEM ENVIRONMENT variable on the system the script is running on. If it is not, you will need to use the SET command: SET SPLUNK_HOME=D:/program files/splunk or the equivalent path.
I guess I assumed it was available as part of the Splunk runtime (like how it is for other scripts). Is it not the same as the $SPLUNK_HOME environment variable available to Splunk already? Let me know if that made no sense.
$SPLUNK_HOME is only known to Splunk native processes. PowerShell is a Windows-specific shell that does not know about Splunk ENV variables. Try typing SET and see what pops up as defined ENV variables.
Another option is to use the ".path file" which is (lightly) documented in the inputs.conf spec file (http://docs.splunk.com/Documentation/Splunk/5.0.2/admin/Inputsconf). See also: http://splunk-base.splunk.com/answers/309/powershell-scripted-input for examples.
From the docs:
cmd can also be a path to a file that ends with a ".path" suffix. A file with this suffix is a special type of pointer file that points to a command to be executed. Although the pointer file is bound by the same location restrictions mentioned above, the command referenced inside it can reside anywhere on the file system. This file must contain exactly one line: the path to the command to execute, optionally followed by command line arguments. Additional empty lines and lines that begin with '#' are also permitted and will be ignored.
Also, in a week or so, we are releasing a PowerShell modular input that lets you embed a PowerShell script into your inputs.conf file and has some other really cool features. Watch http://blogs.splunk.com/ for that.
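The ".path" pointer-file rules quoted from the docs above, as an added example that is not part of the original thread and not Splunk's own code: a small Python lint that checks each pointer file holds exactly one command line and reports the command it points at, which is worth reviewing because that command can reside anywhere on the file system. The file names, paths and contents in SAMPLES are constructed, and treating only lines whose first character is '#' as comments is an assumed strict reading of the quoted text.

```python
# Added example: lint Splunk ".path" pointer files against the rules quoted above.
# All sample file names, paths and contents below are constructed for illustration.

class PathFileError(ValueError):
    """Raised when a .path file breaks the 'exactly one command line' rule."""

def parse_path_file(text):
    """Return the one command line (command plus arguments) the pointer file names."""
    commands = []
    for lineno, raw in enumerate(text.splitlines(), start=1):
        # Ignored lines: empty ones, and lines that begin with '#'.
        # Assumption (strict reading): '#' must be the very first character.
        if not raw.strip() or raw.startswith("#"):
            continue
        commands.append((lineno, raw.strip()))
    if not commands:
        raise PathFileError("no command line found")
    if len(commands) > 1:
        where = ", ".join(str(n) for n, _ in commands)
        raise PathFileError("more than one command line (lines " + where + ")")
    return commands[0][1]

def audit(files):
    """Map each .path file name to ('ok', command) or ('error', reason)."""
    report = {}
    for name, text in files.items():
        try:
            report[name] = ("ok", parse_path_file(text))
        except PathFileError as exc:
            report[name] = ("error", str(exc))
    return report

# Constructed samples: one valid pointer, one with two commands, one with none.
SAMPLES = {
    "getprocs.path": "# runs the process inventory script\n\n"
                     r"C:\Windows\System32\WindowsPowerShell\v1.0\powershell.exe -File C:\Scripts\getprocs.ps1"
                     "\n",
    "two_cmds.path": "powershell.exe -File a.ps1\npowershell.exe -File b.ps1\n",
    "empty.path": "# nothing here\n\n",
}

if __name__ == "__main__":
    for name, (status, detail) in audit(SAMPLES).items():
        print(f"{name}: {status}: {detail}")
```

In practice the dictionary passed to audit() would be built by reading every *.path file under an app's bin directory, so the resolved commands can be compared against what the app is expected to run.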