**Splunk Enterprise 6.3 on Windows 2012r2
Windows Universal forwarder also 6.3 on Windows 2012r2**
I have deployed the latest versions (as of January 2016) of the Splunk Windows Infrastructure app including the TA-DomainController-2012R2 (and the SA-ModularInput-PowerShell) to one of my domain controllers. I adjusted all the script monitor intervals to run the powershell scripts a lot less often than the default, but I still notice that the powershell.exe process *never exits...* Is this by design?
The process commandline in task manager is:
powershell.exe -command "&get-content "c:\windows\temp\input[bunch of characters].tmp" | "c:\program files\splunkuniversalforwarder\bin\splunk-powershell.ps1" "c:\program files\splunkuniversalforwarder" ([same bunch of characters])"
Seems the memory usage on this is also slowly creeping up which is concerning.
I am following the best practices listed in the documentation including disabling the admon input.
↧