Inputs: HEC JSON-Format: Difference between revisions

From Wiki-WebPerfect

Revision as of 13 May 2020, 09:46

PowerShell to create a JSON-Object and send to Splunk

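#Create a PowerShell object and convert it to JSON
#$HVNode is expected to be set by the calling script; its upper-cased value becomes the event's host field
$Body = [PSCustomObject]@{
	host = $HVNode.ToUpper()
	event = @{
		<YourFieldName> = <YourValue>
		<YourFieldName> = <YourPowerShell-Command>
	}
} | ConvertTo-Json -Depth 4

#Splunk variables
$SplunkPort = 8088
#The HEC token travels in the Authorization header of every request
$SplunkHeader = @{Authorization = "Splunk <Splunk_HEC-Token>"}
#Note: with http:// the token and the event data cross the network unencrypted;
#use https:// when SSL is enabled on the HEC input
$SplunkURL = "http://<Splunk-URL>:$SplunkPort/services/collector/event"

#Send the created JSON to the Splunk HEC input
Invoke-WebRequest -Uri $SplunkURL -Method Post -Body $Body -Headers $SplunkHeader -UseBasicParsing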
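
A hardened variant of the send above, as an added example that is not part of the original page: it refuses non-HTTPS endpoints, reads the token from the environment instead of the script, batches events and checks the HEC reply. The function names, the environment variable SPLUNK_HEC_TOKEN, the host splunk.example.internal and the sourcetype example:json are assumptions.

```powershell
# Added example, not from the original page. New-HecEvent, Send-HecEvent,
# SPLUNK_HEC_TOKEN, splunk.example.internal and example:json are assumed names.
function New-HecEvent {
    param([Parameter(Mandatory)] [hashtable] $Fields, [string] $SourceType = 'example:json')
    # HEC envelope: metadata keys at the top level, the payload under "event"
    [ordered]@{
        time       = [DateTimeOffset]::UtcNow.ToUnixTimeSeconds()
        host       = $env:COMPUTERNAME.ToUpper()
        sourcetype = $SourceType
        event      = $Fields
    } | ConvertTo-Json -Depth 4 -Compress
}

function Send-HecEvent {
    param(
        [Parameter(Mandatory)] [string[]] $JsonEvents,
        [Parameter(Mandatory)] [string]   $Uri,
        [Parameter(Mandatory)] [string]   $Token
    )
    # Fail closed: the token must never leave the machine over plain HTTP
    if (([uri]$Uri).Scheme -ne 'https') {
        throw "Refusing to send the HEC token to '$Uri': use https."
    }
    # Windows PowerShell 5.1 may not offer TLS 1.2 unless it is enabled explicitly
    [Net.ServicePointManager]::SecurityProtocol = [Net.ServicePointManager]::SecurityProtocol -bor [Net.SecurityProtocolType]::Tls12

    # HEC accepts several event objects concatenated in one request body
    $body = [Text.Encoding]::UTF8.GetBytes(($JsonEvents -join "`n"))
    $response = Invoke-RestMethod -Uri $Uri -Method Post -Body $body `
        -Headers @{ Authorization = "Splunk $Token" } -ContentType 'application/json'

    # Non-2xx replies throw; also check the HEC status code ({"text":"Success","code":0})
    if ($response.code -ne 0) {
        throw "HEC rejected the batch: code=$($response.code) text=$($response.text)"
    }
    $response
}

$events = @(
    New-HecEvent -Fields @{ vm = 'VM01'; state = 'Running' }   # constructed sample data
    New-HecEvent -Fields @{ vm = 'VM02'; state = 'Off' }       # constructed sample data
)
if ($env:SPLUNK_HEC_TOKEN) {
    Send-HecEvent -JsonEvents $events -Token $env:SPLUNK_HEC_TOKEN `
        -Uri 'https://splunk.example.internal:8088/services/collector/event'
} else {
    $events   # no token configured: output the JSON payloads without sending
}
```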


Splunk props.conf
