Hello,
I've created a Powershell script that I use to monitor a folder.
It all works how it's suppose to work, but the problem is when I deploy it as an Splunk App, it starts the Script but doesn't keep the powershell process alive.
Here are the input.conf en .path files I've used.
inputs.conf
[script://$SPLUNK_HOME\etc\apps\TA_TEST\bin\FolderMonitor.path]
disable=false
interval=-1
index=winlogs
FolderMonitor.path
$Systemroot\System32\WindowsPowerShell\v1.0\powershell.exe -executionpolicy bypass -Command " & '$SPLUNK_HOME\etc\apps\TA_TEST\bin\FolderMonitor.ps1'"
I've tried several things
Changing the .path file to powershell.exe -noexit -noprofile -executionpolicy bypass -Command, but that didn't work at least not when it's deployed by Splunk if I put that directly in Command Prompt it does work.
Changing the interval from -1 to 0 but that just started a new powershell process, and I need the original process to be kept alive.
Any tips or help would be grealy appreciated.
With kind regards,
Patrick
↧