Splunk Enterprise
×

Join the Conversation

Without signing in, you're just watching from the sidelines. Sign in or Register to connect, share, and be part of the Splunk Community.
Ask a Question

Splunk Scripting- GUI or stanza

jmasat
Observer
‎06-23-2020 09:39 AM

Team,

i wish to utilize Powershell scripts, deployed to remote clients via the GUI interface - or CLI

Whichever can be made to work.

1. The CLI (Inputs.conf) works if created and maintained on each client

2. The remote script  GUI only seems to work for bat files.

3. The V3 modular input only seems to work for localhost

 

History:

 i have successfully utilized  powershell scripts with in the inputs.conf (placed on each forwarder)

example :   
script = . "C:\Program Files\Splunk\etc\apps\My-App\bin\script.ps1

( I chose to use the full path as the env variable does not seem to stick-- set or setx does not seem to matter)

The downfall of this is the script/ inputs.conf has to be updated manually on each client.

 

i have successfully utilized batch from the GUI (settings > data inputs >remote scripts)

$SPLUNK_HOME/etc/apps/_server_app_W64_NETWORK_INFO/bin/netstat.bat

Attempts with .ps1 scripts does not work.  

 

Tried utilizing the Powershell v3 Modular Input

that method only targets the local host (server) 

 

Labels (2)
Labels
0 Karma
Reply

richgalloway
SplunkTrust
SplunkTrust
‎06-23-2020 10:36 AM

The Best Practice method to do that is by using the Deployment Server (DS) to deploy an app containing your script to the target clients.  You can even tell the DS to send the app only to Windows clients.  Updates to the script are easy - just update the script on the DS and the DS sends the new script to the clients.

Another popular approach is to use Ansible, Puppet, SCCM, or similar tool to deliver the script to the clients.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Reply

jmasat
Observer
‎06-23-2020 11:17 AM

DEPLOYED APPS SUCCESSFULLY
 
 This is indicated in the  edit server class pane
 
 Is the server deploying? 
 
As i stated   batch files are working great- Powershell is not
 
 
Tags (1)
0 Karma
Reply

jmasat
Observer
‎06-23-2020 10:47 AM

i will look at the DS--  

have not gone that direction yet- too new to Spunk

 

The other tools are not available  in this environment

 

0 Karma
Reply
Got questions? Get answers!

Join the Splunk Community Slack to learn, troubleshoot, and make connections with fellow Splunk practitioners in real time!

Meet up IRL or virtually!

Join Splunk User Groups to connect and learn in-person by region or remotely by topic or industry.

Get Updates on the Splunk Community!

Automating Threat Operations and Threat Hunting with Recorded Future

    Automating Threat Operations and Threat Hunting with Recorded Future June 29, 2026 | Register   Is your ...

Keep the Learning Going with the New Best of .conf Hub

Hello Splunkers, With .conf26 getting closer, there’s already a lot of excitement building around this year’s ...

Splunk Community Badges!

  Hey everyone! Ready to earn some serious bragging rights in the community? Along with our existing badges ...