Splunk ver : 6.6.6
OS : Linux 7
Universal Forwarder ver : 6.6.6
OS : Windows Server 2016
I configured the `inputs.conf` and `sample.ps1` below on the Universal Forwarder, and Splunk indexed once, but after that no more events were indexed.
`inputs.conf`

```
[powershell://power_shell_sapmle]
script = . "$SplunkHome\etc\apps\sample_app\bin\sample.ps1"
interval = */1 * * * *
sourcetype = power_shell_sapmle
```
`sample.ps1`

```
$Output = invoke-expression "wmic cpu list brief"
Write-Output $Output
```
Is my configuration wrong?
Someone please help me.