Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Powershell script not running always on schedule - Splunk Add On for Microsoft HyperV

scostic
Observer
‎01-22-2022 09:27 PM

Hello, I am running Splunk Add for Microsoft Hyper-V  on 10 different Hyper-V hosts with a splunk forwarder each, but not all powershell scripts are executed on schedule.    My problem is with the long running scripts getvm_inventory.ps1 and getvm_inventoryext.ps1. The rest of the scripts are executed on schedule.

I have the following inputs.conf

############# VM #############
[powershell://GetVM_Inventory]
script = . "$SplunkHome\etc\apps\Splunk_TA_microsoft-hyperv\bin\GetVM_Inventory.ps1"
schedule = 0 0 4-8/1 ? * *
source = microsoft:hyperv:powershell:getvm_inventory.ps1
sourcetype = microsoft:hyperv:vm
index = ctc_hyperv_inventory
disabled = 0

[powershell://GetVM_InventoryEXT]
script = . "$SplunkHome\etc\apps\Splunk_TA_microsoft-hyperv\bin\GetVM_InventoryEXT.ps1"
schedule = 0 20 4-8/1 ? * *
source = microsoft:hyperv:powershell:getvm_inventoryext.ps1
sourcetype = microsoft:hyperv:vm:ext
index = ctc_hyperv_inventory
disabled = 0

 

from the logs I see that they are executed correctly . The only difference from other scripts is the execution that is much longer.

 

01-23-2022 06:00:10.4694493+2 INFO End of executing script=. "$SplunkHome\etc\apps\Splunk_TA_microsoft-hyperv\bin\GetVM_Inventory.ps1" for stanza=GetVM_Inventory, execution_time=10.3504674 seconds
01-23-2022 06:00:00.1169827+2 INFO Start executing script=. "$SplunkHome\etc\apps\Splunk_TA_microsoft-hyperv\bin\GetVM_Inventory.ps1" for stanza=GetVM_Inventory
01-23-2022 06:00:00.1139817+2 INFO enqueue job for stanza=GetVM_Inventory
01-23-2022 05:00:10.5518190+2 INFO End of executing script=. "$SplunkHome\etc\apps\Splunk_TA_microsoft-hyperv\bin\GetVM_Inventory.ps1" for stanza=GetVM_Inventory, execution_time=10.4093991 seconds
01-23-2022 05:00:00.1404194+2 INFO Start executing script=. "$SplunkHome\etc\apps\Splunk_TA_microsoft-hyperv\bin\GetVM_Inventory.ps1" for stanza=GetVM_Inventory
01-23-2022 05:00:00.1374214+2 INFO enqueue job for stanza=GetVM_Inventory
01-23-2022 04:00:13.0595973+2 INFO End of executing script=. "$SplunkHome\etc\apps\Splunk_TA_microsoft-hyperv\bin\GetVM_Inventory.ps1" for stanza=GetVM_Inventory, execution_time=11.6046748 seconds

 

Thank you in advance.

Labels (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Meet Duke Cyberwalker | A hero’s journey with Splunk

We like to say, the lightsaber is to Luke as Splunk is to Duke. Curious yet? Then read Eric Fusilero’s latest ...

The Future of Splunk Search is Here - See What’s New!

We’re excited to introduce two powerful new search features, now generally available for Splunk Cloud Platform ...

Splunk is Nurturing Tomorrow’s Cybersecurity Leaders Today

Meet Carol Wright. She leads the Splunk Academic Alliance program at Splunk. The Splunk Academic Alliance ...