SA modular input powershell is directing data to d...

rjvydla · ‎05-14-2018

Hi All,
i tried using SA_modular_input_powershell app and i gave windows index in inputs.conf as index = windows.
when i didn't gave any index, the data is going to default main index. But when i gave index = windows or something the data is not getting generated.
what might be the reason.

ex:
[powershell://DriverInfo]
script = . "C:/Program Files/SplunkUniversalForwarder/etc/apps/SA-ModularInput-PowerShell/bin/DriverVersion.ps1"
interval = 14400

index = windows
sourcetype = Powershell

Thank you.

xpac · ‎05-15-2018

Most likely reason - the index you entered hasn't been created before.

Hope that helps - if it does I'd be happy if you would upvote/accept this answer, so others could profit from it. 🙂

rjvydla · ‎05-15-2018

i have been using the index i gave for other normal apps. it was woriking there but not in this app.

SA modular input powershell is directing data to default main indexer?

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Detection Engineering Office Hours: Real-World Troubleshooting & Q&A

Developer Spotlight with Mika Borner

Continue Your Federation Journey: Join Session 3 of the Bootcamp Series

Join the Conversation