Troubleshooting why a powershell script is not run...

DamageSplunk · ‎01-22-2015

I have an app that I'm deploying called fake-app on Windows systems. It's based on getting the share permissions in the Splunk blog a
few weeks ago.

[note: fake app is how I deploy and test new apps before I send them out to all systems]

dir .\fake-app /s /b
\deployment-apps\fake-app\bin\RunWin32_Share.cmd
\deployment-apps\fake-app\bin\Win32_Share.ps1
\deployment-apps\fake-app\local\inputs.conf

The app is distributed to the servers.

inputs.conf

[powershell://RunWin32_Share]
script = .\bin\Win32_Share.ps1
DATETIME_CONFIG = CURRENT
#run it every 5 minutes
schedule = */5 * * * *
index = machine
sourcetype = Win32Share

If you run the script on the machine it works just fine but trying to get it to run under the UniversalForwarder doesn't appear to work.

I don't see where the execution is getting tried and failing in the logs though

Any ideas on why it's failing or how to troubleshoot?

gflynn · ‎09-09-2015

In inputs.conf, try:

script = $SplunkHome\etc\apps\fake-app\bin\Win32_Share.ps1

Troubleshooting why a powershell script is not running

New Year, New Changes for Splunk Certifications

[Puzzles] Solve, Learn, Repeat: Unmerging HTML Tables

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...

Join the Conversation

Troubleshooting why a powershell script is not running

New Year, New Changes for Splunk Certifications

[Puzzles] Solve, Learn, Repeat: Unmerging HTML Tables

Enterprise Security (ES) Essentials 8.3 is Now GA — Smarter Detections, Faster ...