I have server "X" on which is installed a universal forwarder.
Typically, I'd use the universal forwarder's cron functionality to trigger the execution of a PowerShell script. The PowerShell script will have been implemented using PowerShell modular input to send the data to an indexer, i.e., the script emits a stream of .NET objects and Splunk does the right thing with them.
Now, I have a PowerShell script whose execution is triggered by an event external to the universal forwarder. This script will also emit a stream of .NET objects and I want to use PowerShell modular input to send data to an indexer.
How to externally trigger the universal forwarder to send data using PowerShell modular input to an indexer?
I would appreciate it if you'd provide locations of and examples of *.conf files
↧