Hi,
I'm trying to use this app (as per the tutorial from http://blogs.splunk.com/2013/06/24/monitoring-processes-on-windows/); however, I'm running into a problem as per below:
05-28-2014 11:39:28.235 +0100 ERROR ModularInputs - Introspecting scheme=powershell: script running failed (exited with code 255).
05-28-2014 11:39:28.235 +0100 ERROR ModularInputs - Unable to initialize modular input "powershell" defined inside the app "SA-ModularInput-PowerShell": Introspecting scheme=powershell: script running failed (exited with code 255).
My inputs.conf under C:\Program Files\SplunkUniversalForwarder\etc\apps\SA-ModularInput-PowerShell\local:
[powershell://Processes]
script = Get-WmiObject -class win32_process | Add-Member -MemberType ScriptProperty -PassThru -Name Username -Value { $ud = $this.GetOwner(); $user=$ud.Domain+"\"+$ud.User; if ($user -eq "\") { "SYSTEM" } else { $user } }|select ProcessId, Name, Username, Priority, ReadOperationCount, WriteOperationCount, CreationDate, Handle, VirtualSize, WorkingSetSize, UserModeTime, ThreadCount
schedule = 0,15,30,45 * * ? * *
source = PowerShell
sourcetype = PowerShell:Process
I've checked the execution policy:
PS C:\Users\ireutildev> get-executionpolicy
RemoteSigned
Version:
c:\Program Files\SplunkUniversalForwarder\bin>splunk version
Splunk Universal Forwarder 6.1.1 (build 207789)
Any ideas?
Thanks,
mic.