
License: Apache License 2.0 (Apache-2.0)

Splunk Add-on for PowerShell

The Splunk Add-on for PowerShell provides field extraction for PowerShell event logs. Unfortunately, PowerShell writes its event text in the system's display language, so the field labels differ per language and a separate extraction is required for each one. Furthermore, the delimiter between a label and its value is sometimes : and sometimes =.

Currently supported languages are:

  • English
  • French
  • Italian
  • German
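To illustrate the two problems described above (language-dependent labels and the : versus = delimiter), here is a small Python parser written as an added example; it is not the add-on's own extraction (the add-on uses Splunk configuration), and the French, Italian and German labels in its tables are assumed for illustration rather than copied from real logs.

```python
import re
from typing import Dict, Optional

# Localized label -> canonical field name, one table per supported language.
# The English labels follow the Windows event text; the French, Italian and
# German labels are ASSUMED for illustration, not copied from real logs.
LABELS: Dict[str, Dict[str, str]] = {
    "en": {"ScriptBlock ID": "ScriptBlockId", "Path": "Path",
           "Host Name": "HostName", "User": "User"},
    "fr": {"ID du bloc de script": "ScriptBlockId", "Chemin": "Path",
           "Nom d'hôte": "HostName", "Utilisateur": "User"},
    "it": {"ID blocco script": "ScriptBlockId", "Percorso": "Path",
           "Nome host": "HostName", "Utente": "User"},
    "de": {"Skriptblock-ID": "ScriptBlockId", "Pfad": "Path",
           "Hostname": "HostName", "Benutzer": "User"},
}

def _pattern(label: str) -> "re.Pattern[str]":
    # A label at line start, then either ':' or '=' (both occur in the
    # Windows event text), then the value up to the end of the line.
    return re.compile(r"^\s*" + re.escape(label) + r"\s*[:=]\s*(?P<value>.*?)\s*$",
                      re.MULTILINE)

def detect_language(message: str) -> Optional[str]:
    """Return the language whose label table matches the most lines, or None."""
    best, best_hits = None, 0
    for lang, table in LABELS.items():
        hits = sum(1 for label in table if _pattern(label).search(message))
        if hits > best_hits:
            best, best_hits = lang, hits
    return best

def parse_event(message: str) -> Dict[str, str]:
    """Extract canonical fields from one PowerShell/Operational event message."""
    lang = detect_language(message)
    if lang is None:
        return {}
    fields = {"label_language": lang}
    for label, canonical in LABELS[lang].items():
        m = _pattern(label).search(message)
        if m:
            fields[canonical] = m.group("value")
    return fields

# Constructed sample messages (not captured from a real system).
SAMPLE_EN = ("Creating Scriptblock text (1 of 1):\n\nWrite-Host 'hello'\n\n"
             "ScriptBlock ID: 3f2b-CONSTRUCTED\nPath: C:\\Scripts\\hello.ps1\n")
SAMPLE_DE = ("Kontext:\n        Hostname = ConsoleHost\n"
             "        Benutzer = CORP\\alice\n        Skriptblock-ID = 3f2b-CONSTRUCTED\n")

if __name__ == "__main__":
    print(parse_event(SAMPLE_EN))
    print(parse_event(SAMPLE_DE))
```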

Prerequisites

Collection of Microsoft-Windows-PowerShell/Operational event logs.

Installation

Add the folder "ta-microsoft-powershell" to a ZIP archive and upload it to https://spunkserver/en-US/manager/appinstall/_upload.

Sourcetypes

The following source value is used for field extraction:

source="XmlWinEventLog:Microsoft-Windows-PowerShell/Operational"

Changelog

See changelog in the add-on.

Contribution

File an issue or submit a pull request.