Using the Splunk PowerShell Resource Kit, Windows administrators can manage and extend their Splunk environment to support a variety of tasks. With this first version of the resource kit, administrators can manage Splunk's topology, configure its internals, and engage the Splunk search engine from a PowerShell session.
Over 40 PowerShell-Splunk cmdlets support numerous search, deployment, and configuration scenarios, including:
Checking and managing Splunk services
- Test Active Directory objects for Splunk services.
- Query the status of Splunk services on a set of hosts.
- Manage Splunk services on a set of hosts.
- Restart Splunk.
Searching Splunk
- View raw event data.
- View event data in a table.
- Specify alternate credentials for a Splunk search.
Deploying Splunk
- Install a Splunk forwarder remotely using an MSI.
- Install a Splunk forwarder remotely using GNU Wget.
- Deploy forwarders to all hosts from Active Directory.
- Deploy forwarders to all hosts in an Active Directory organizational unit.
- Deploy forwarders to all hosts in an Active Directory group.
- Deploy forwarders to all hosts in a domain.
Managing Splunk server classes
- Retrieve a list of server classes.
- Retrieve a list of deployment clients.
- Create a new server class.
- Remove a server class.
- Add hosts from Active Directory to a server class whitelist.
- Add hosts from an Active Directory organizational unit to a server class whitelist.
- Add hosts from an Active Directory group to a server class whitelist.
- Add a list of hosts from a Splunk search to a server class whitelist.
- Add a host to the blacklist of an existing server class.
- Add an entire domain to a server class whitelist.
- Add a list of VM host names from Hyper-V to a server class whitelist.