I have an app that I'm deploying called fake-app on Windows systems. It's based on getting the share permissions in the Splunk blog a few weeks ago.
[note: fake app is how I deploy and test new apps before I send them out to all systems]
dir .\fake-app /s /b
\deployment-apps\fake-app\bin\RunWin32_Share.cmd
\deployment-apps\fake-app\bin\Win32_Share.ps1
\deployment-apps\fake-app\local\inputs.conf
The app is distributed to the servers.
inputs.conf
[powershell://RunWin32_Share]
script = .\bin\Win32_Share.ps1
DATETIME_CONFIG = CURRENT
#run it every 5 minutes
schedule = */5 * * * *
index = machine
sourcetype = Win32Share
If you run the script on the machine it works just fine, but trying to get it to run under the UniversalForwarder doesn't appear to work.
I don't see where the execution is getting tried and failing in the logs, though.
Any ideas on why it's failing or how to troubleshoot?
In inputs.conf, try:
script = $SplunkHome\etc\apps\fake-app\bin\Win32_Share.ps1
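
One way to check, on the forwarder itself, where each powershell:// stanza's script setting points and whether that file exists (an added example, not part of the original posts). The install path below is an assumed default and the parameter names are illustrative; adjust both to the system being checked.

```powershell
# Added example: report each [powershell://...] stanza's script path in an app.
# Assumption: default Universal Forwarder install location.
param(
    [string]$SplunkHome = 'C:\Program Files\SplunkUniversalForwarder',
    [string]$App        = 'fake-app'
)

$appDir = Join-Path $SplunkHome "etc\apps\$App"

foreach ($conf in 'default\inputs.conf', 'local\inputs.conf') {
    $confPath = Join-Path $appDir $conf
    if (-not (Test-Path -LiteralPath $confPath)) { continue }

    $stanza = $null
    foreach ($line in Get-Content -LiteralPath $confPath) {
        $line = $line.Trim()

        # Track which stanza we are in; only powershell:// stanzas matter here.
        if ($line -match '^\[(powershell://.+)\]$') { $stanza = $Matches[1]; continue }
        if ($line -match '^\[')                     { $stanza = $null;       continue }

        if ($stanza -and $line -match '^script\s*=\s*(.+)$') {
            $raw = $Matches[1].Trim()

            # Substitute the $SplunkHome token used in the suggested stanza
            # with the real install path so the file can be tested on disk.
            $expanded = $raw.Replace('$SplunkHome', $SplunkHome)
            $rooted   = [System.IO.Path]::IsPathRooted($expanded)

            [pscustomobject]@{
                Conf     = $conf
                Stanza   = $stanza
                Script   = $raw
                Absolute = $rooted
                # Only an absolute path can be checked unambiguously.
                Exists   = $rooted -and (Test-Path -LiteralPath $expanded)
            }
        }
    }
}
```

A row with Absolute = False is a relative path like the one in the question; a row with Absolute = True and Exists = False means the path does not match what was deployed to the server.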