Skip to content
/ splunk-addon-powershell Public

Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.

License

Apache-2.0 license
17 stars 8 forks Branches Tags Activity
Star
Notifications You must be signed in to change notification settings

swisscom/splunk-addon-powershell

BranchesTags

Folders and files

NameName
Last commit message
Last commit date

Latest commit

 

History

9 Commits

ta-microsoft-powershell

ta-microsoft-powershell

 
 

.gitignore

.gitignore

 
 

LICENSE

LICENSE

 
 

README.md

README.md

 
 

Repository files navigation

Splunk Add-on for PowerShell

The Splunk Add-on for PowerShell provides field extraction for PowerShell event logs. Unfortunately, PowerShell logs are in system language which requires field extraction for each language. Furthermore, delimiters are sometimes : and sometimes =.

Currently supported languages are

  • English
  • French
  • Italian
  • German

Prerequisites

Collection of Microsoft-Windows-PowerShell/Operational event logs.

Installation

Add the folder "ta-microsoft-powershell" to a ZIP and upload it to https://spunkserver/en-US/manager/appinstall/_upload.

Sourcetypes

Following source is used for field extraction.

source="XmlWinEventLog:Microsoft-Windows-PowerShell/Operational"

Changelog

See changelog in the add-on.

Contribution

File an issue or submit a pull request.

About

Splunk Add-on for PowerShell provides field extraction for PowerShell event logs.

Topics

splunk powershell splunk-addon

Resources

Readme

License

Apache-2.0 license
Activity
Custom properties

Stars

17 stars

Watchers

16 watching

Forks

8 forks
Report repository

Releases 2

0.2.0 Latest
Feb 13, 2020
+ 1 release

Contributors 2

  •  
  •