Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Powershell script not running always on schedule - Splunk Add On for Microsoft HyperV

scostic
Observer
‎01-22-2022 09:27 PM

Hello, I am running Splunk Add for Microsoft Hyper-V  on 10 different Hyper-V hosts with a splunk forwarder each, but not all powershell scripts are executed on schedule.    My problem is with the long running scripts getvm_inventory.ps1 and getvm_inventoryext.ps1. The rest of the scripts are executed on schedule.

I have the following inputs.conf

############# VM #############
[powershell://GetVM_Inventory]
script = . "$SplunkHome\etc\apps\Splunk_TA_microsoft-hyperv\bin\GetVM_Inventory.ps1"
schedule = 0 0 4-8/1 ? * *
source = microsoft:hyperv:powershell:getvm_inventory.ps1
sourcetype = microsoft:hyperv:vm
index = ctc_hyperv_inventory
disabled = 0

[powershell://GetVM_InventoryEXT]
script = . "$SplunkHome\etc\apps\Splunk_TA_microsoft-hyperv\bin\GetVM_InventoryEXT.ps1"
schedule = 0 20 4-8/1 ? * *
source = microsoft:hyperv:powershell:getvm_inventoryext.ps1
sourcetype = microsoft:hyperv:vm:ext
index = ctc_hyperv_inventory
disabled = 0

 

from the logs I see that they are executed correctly . The only difference from other scripts is the execution that is much longer.

 

01-23-2022 06:00:10.4694493+2 INFO End of executing script=. "$SplunkHome\etc\apps\Splunk_TA_microsoft-hyperv\bin\GetVM_Inventory.ps1" for stanza=GetVM_Inventory, execution_time=10.3504674 seconds
01-23-2022 06:00:00.1169827+2 INFO Start executing script=. "$SplunkHome\etc\apps\Splunk_TA_microsoft-hyperv\bin\GetVM_Inventory.ps1" for stanza=GetVM_Inventory
01-23-2022 06:00:00.1139817+2 INFO enqueue job for stanza=GetVM_Inventory
01-23-2022 05:00:10.5518190+2 INFO End of executing script=. "$SplunkHome\etc\apps\Splunk_TA_microsoft-hyperv\bin\GetVM_Inventory.ps1" for stanza=GetVM_Inventory, execution_time=10.4093991 seconds
01-23-2022 05:00:00.1404194+2 INFO Start executing script=. "$SplunkHome\etc\apps\Splunk_TA_microsoft-hyperv\bin\GetVM_Inventory.ps1" for stanza=GetVM_Inventory
01-23-2022 05:00:00.1374214+2 INFO enqueue job for stanza=GetVM_Inventory
01-23-2022 04:00:13.0595973+2 INFO End of executing script=. "$SplunkHome\etc\apps\Splunk_TA_microsoft-hyperv\bin\GetVM_Inventory.ps1" for stanza=GetVM_Inventory, execution_time=11.6046748 seconds

 

Thank you in advance.

Labels (2)
0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...