Getting Data In

Testing Splunk UF config on Windows, with Inspec.

New Member


I have 2 installations of Splunk. One on a Linux image, one on a Windows 2016 image - both on AWS.

I am testing that that both Trend and Splunk are configured correctly. I have a complete set of tests for the Linux version, but I'm having trouble refactoring for Windows Powershell (I am running my tests remotely and RDP-ing to the Windows VM.

My Linux code is as follows:

SplunkServer = attribute('SplunkServer')
SplunkUser = attribute('SplunkUser')
SplunkPassword = attribute('SplunkPassword')

describe command("sudo /opt/splunkforwarder/bin/splunk list forward-server -auth #{SplunkUser}:#{SplunkPassword}") do
its ('stdout') {should match /^Active.forwards:\n\t#{Splunk_Server}\nConfigured.but.inactive.forwards:\n\tNone/}


So, I want to read the output of the Linux command and have Inspec verify the output. The command will obviously change for Powershell. Any ideas what this would be to obtain the same result?

Thanks in advance

0 Karma