https://github.com/swisscom/splunk-addon-powershell

Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.
https://github.com/swisscom/splunk-addon-powershell

powershell splunk splunk-addon

Last synced: 10 months ago
JSON representation

Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.

• Host: GitHub
• URL: https://github.com/swisscom/splunk-addon-powershell
• Owner: swisscom
• License: apache-2.0
• Created: 2019-04-16T08:20:09.000Z (almost 7 years ago)
• Default Branch: master
• Last Pushed: 2021-02-01T22:32:28.000Z (almost 5 years ago)
• Last Synced: 2025-04-15T10:19:04.398Z (10 months ago)
• Topics: powershell, splunk, splunk-addon
• Homepage:
• Size: 25.4 KB
• Stars: 17
• Watchers: 16
• Forks: 8
• Open Issues: 0
• Metadata Files:
  • Readme: README.md
  • License: LICENSE

Awesome Lists containing this project

README

          
# Splunk Add-on for PowerShell

The Splunk Add-on for PowerShell provides field extraction for PowerShell event

logs. Unfortunately, PowerShell logs are in system language which requires field 

extraction for each language. Furthermore, delimiters are sometimes `:` and sometimes `=`.

Currently supported languages are

* English

* French

* Italian

* German

## Prerequisites

Collection of `Microsoft-Windows-PowerShell/Operational` event logs.

## Installation

Add the folder "ta-microsoft-powershell" to a ZIP and upload it to https://spunkserver/en-US/manager/appinstall/_upload.

## Sourcetypes

Following source is used for field extraction.

```

source="XmlWinEventLog:Microsoft-Windows-PowerShell/Operational" 

```

## Changelog

See [changelog in the add-on](ta-microsoft-powershell/README.md).

## Contribution

File an [issue](https://github.com/swisscom/splunk-addon-powershell/issues) or submit a [pull request](https://github.com/swisscom/splunk-addon-powershell/pulls).