I'm already using the Powershell v3 Modular Input to get data in. I want an alert to run a Powershell script, like Splunk used to provide before it was deprecated.
What I determined is I was sending the object itself, which seems to be dict , as a parameter. Its default ToString method just outputs the name of the parameter, which lines up with what I was seeing. That's definitely not going to work, and needs to be serialized. Since it's JSON, it's very difficult to send as a parameter (Splunk also seems to use single quotes for JSON which isn't to standard).
... View more