Create an nf configuration file in the %SPLUNK_HOME%\etc\system\local directory.On the Splunk platform instance that will run the script, open a PowerShell window.Write a PowerShell command or script to capture the information you want.See the Microsoft documentation on PowerShell for details.Ĭonfigure inputs with configuration files There might be additional requirements to run PowerShell scripts depending on the version of Windows and PowerShell.NET version 4.5 or higher must be installed on the machine. PowerShell version 3.0 or higher must be installed on the machine.The Splunk platform instance must be configured to use the Local System user to run all PowerShell scripts.
#SPLUNK FOR WINDOWS 10 INSTALL#
See Install on Windows in the Installation Manual. The Splunk platform instance must run on Windows.Splunk Cloud Platform must receive Windows data that comes from PowerShell scripts from a universal forwarder that is installed on a Windows machine.If you use Splunk Cloud Platform and want to monitor script output, use the universal forwarder to ingest the output from a Windows machine and forward it to your Splunk Cloud Platform deployment. The Splunk platform then indexes the output of these commands or scripts as events. You can use the PowerShell input to run a single PowerShell command or reference a PowerShell script. The Splunk platform supports monitoring events received through PowerShell scripts. You can create scripts with the language and output the results of those scripts as objects to other scripts. It lets you handle Windows operations from a command-line interface. PowerShell is a scripting language that comes with many versions of Windows. Monitor Windows data with PowerShell scripts
0 kommentar(er)
