Splunk Enterprise 7.0.1 not populating Events from...

sameerchowdhary · ‎01-11-2018

I have installed product Splunk Enterprise 7.0.1 & downloaded it. I installed the product on Windows 7 machine & also downloaded the Add-On named Splunk Add on for Microsoft SCOM version 2.1.0 & installed it as well into Splunk.
I configured the inputs for SCOM in Splunk for Events it but it is not fetching any data / Events from SCOM 2007 R2.

Aslo the Powershell scripts for SCOM are not working, it is throwing errors given below

powershell.exe"" splunk-powershell - Powershell::LaunchPowershellHost: CreateProcess failed: 0x2
01-11-2018 20:32:29.543 +0530 ERROR ExecProcessor - message from ""C:\Program Files\Splunk\bin\splunk-powershell.exe"" splunk-powershell - Powershell::StartPowershellHost: Failed to start powershell host.

Can anybody who have installed the SCOM Addon help me in getting it configured.

jmsbam · ‎10-23-2023

Just ran into this issue myself. In my case we found a handful of UF's that had corrupted PATH statements. Verify you have a correct system path by executing the following Powershell cmd-let

$env:path

If your path statement does not contain the following entries, chances are this is why you are receiving the .

C:\WINDOWS\system32;C:\WINDOWS;C:\WINDOWS\System32\Wbem;C:\WINDOWS\System32\WindowsPowerShell\v1.0\

Kelly · ‎08-20-2021

Was there a fix for this? I'm having the same Powershell errors. I've tried multiple 7 & 8 versions of Splunk UF.

Splunk Enterprise 7.0.1 not populating Events from SCOM 2007 R2 after installing Splunk Add on for Microsoft SCOM version 2.1.0

Infographic provides the TL;DR for the 2024 Splunk Career Impact Report

Enterprise Security Content Update (ESCU) | New Releases

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?