Splunk Enterprise
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question

Splunk Scripting- GUI or stanza

jmasat
Observer
‎06-23-2020 09:39 AM

Team,

i wish to utilize Powershell scripts, deployed to remote clients via the GUI interface - or CLI

Whichever can be made to work.

1. The CLI (Inputs.conf) works if created and maintained on each client

2. The remote script  GUI only seems to work for bat files.

3. The V3 modular input only seems to work for localhost

 

History:

 i have successfully utilized  powershell scripts with in the inputs.conf (placed on each forwarder)

example :   
script = . "C:\Program Files\Splunk\etc\apps\My-App\bin\script.ps1

( I chose to use the full path as the env variable does not seem to stick-- set or setx does not seem to matter)

The downfall of this is the script/ inputs.conf has to be updated manually on each client.

 

i have successfully utilized batch from the GUI (settings > data inputs >remote scripts)

$SPLUNK_HOME/etc/apps/_server_app_W64_NETWORK_INFO/bin/netstat.bat

Attempts with .ps1 scripts does not work.  

 

Tried utilizing the Powershell v3 Modular Input

that method only targets the local host (server) 

 

Labels (2)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-23-2020 10:36 AM

The Best Practice method to do that is by using the Deployment Server (DS) to deploy an app containing your script to the target clients.  You can even tell the DS to send the app only to Windows clients.  Updates to the script are easy - just update the script on the DS and the DS sends the new script to the clients.

Another popular approach is to use Ansible, Puppet, SCCM, or similar tool to deliver the script to the clients.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

jmasat
Observer
‎06-23-2020 11:17 AM

DEPLOYED APPS SUCCESSFULLY
 
 This is indicated in the  edit server class pane
 
 Is the server deploying? 
 
As i stated   batch files are working great- Powershell is not
 
 
Tags (1)
0 Karma
Reply

jmasat
Observer
‎06-23-2020 10:47 AM

i will look at the DS--  

have not gone that direction yet- too new to Spunk

 

The other tools are not available  in this environment

 

0 Karma
Reply
Get Updates on the Splunk Community!

Index This | What’s a riddle wrapped in an enigma?

September 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with this ...

BORE at .conf25

Boss Of Regular Expression (BORE) was an interactive session run again this year at .conf25 by the brilliant ...

OpenTelemetry for Legacy Apps? Yes, You Can!

This article is a follow-up to my previous article posted on the OpenTelemetry Blog, "Your Critical Legacy App ...