Hi folks,
I am having problems integrating the Splunk Add-on for Microsoft Powershell. My goal is that I want to run a process that collects machine data once a day at a specific time across all my systems, then feed the data to a dashboard for reporting. I've tried the Splunk_TA_Windows installedapps.bat file, but that does not collect the right information. I also tried WinHOSTMon which does get the data, but has a field extraction issue with the DisplayName field, and further has been deprecated as of 6.3. I am now using Powershell and am having problems.
Below is my input syntax:
# this should run every 5 minutes for testing and QC of the dashboard.
[powershell://installedapps]
script = . "$SplunkHome\etc\apps\Splunk_TA_windows\bin\installedapps.ps1"
index = windows
interval = 0 /5 * ? * ? *
sourcetype = powershell:installedapps
disabled = false
The input runs the following powershell command:
Get-WmiObject -Class Win32_Product | Format-List -Property Name,InstallDate,InstallLocation,PackageCache,Vendor,Version,IdentifyingNum
The results are not being populated in my index. I'm getting GUID's and the following:
formatEntryInfo="Microsoft.PowerShell.Commands.Internal.Format.ListViewEntry"
outOfBand="False"
writeErrorStream="False"
What am I doing wrong?
Thanks in advance for any help or suggestions.
... View more