Currently we are using VB scripts to query the WMI namespace within Windows for data collection. I have written a simple script to pull filesystem information in CSV format. The issue is that Splunk will only ingest the header and the first row of data and nothing further.
Example data:

```
filesystem,label,type,format,capacitymb,freespace,pctused
C:,OSDisk,Local Fixed Disk,NTFS,475914,384259,19.26
H:,Users,Network Connection,NTFS,2097022,553788,73.59
P:,public,Network Connection,NTFS,5242750,2229850,57.47
```

**inputs.conf**

```
[script://.\bin\filesystem.bat]
disabled = 0
interval = 60
source = filesystem
sourcetype = windows:filesystem
index = custom_temp
```

**props.conf**

```
[windows:filesystem]
INDEXED_EXTRACTIONS=CSV
SHOULD_LINEMERGE = false
FIELD_HEADER_REGEX=(^filesystem,.*)
```