Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Troubleshooting why a powershell script is not running

DamageSplunk
Explorer
‎01-22-2015 11:02 AM

I have an app that I'm deploying called fake-app on Windows systems. It's based on getting the share permissions in the Splunk blog a
few weeks ago.

[note: fake app is how I deploy and test new apps before I send them out to all systems]

dir .\fake-app /s /b
\deployment-apps\fake-app\bin\RunWin32_Share.cmd
\deployment-apps\fake-app\bin\Win32_Share.ps1
\deployment-apps\fake-app\local\inputs.conf

The app is distributed to the servers.

inputs.conf

[powershell://RunWin32_Share]
script = .\bin\Win32_Share.ps1
DATETIME_CONFIG = CURRENT
#run it every 5 minutes
schedule = */5 * * * *
index = machine
sourcetype = Win32Share

If you run the script on the machine it works just fine but trying to get it to run under the UniversalForwarder doesn't appear to work.

I don't see where the execution is getting tried and failing in the logs though

Any ideas on why it's failing or how to troubleshoot?

Reply

gflynn
Explorer
‎09-09-2015 06:05 AM

In inputs.conf, try:

script = $SplunkHome\etc\apps\fake-app\bin\Win32_Share.ps1
Reply
Get Updates on the Splunk Community!

Splunk APM & RUM | Upcoming Planned Maintenance

There will be planned maintenance of the streaming infrastructure for Splunk APM and Splunk RUM in the coming ...

Part 2: Diving Deeper With AIOps

Getting the Most Out of Event Correlation and Alert Storm Detection in Splunk IT Service Intelligence   Watch ...

User Groups | Upcoming Events!

If by chance you weren't already aware, the Splunk Community is host to numerous User Groups, organized ...