Splunk PowerShell Resource Kit

Using the Splunk PowerShell Resource Kit, Windows administrators can manage and extend their Splunk environment to support a variety of tasks. With this first version of the resource kit, administrators can manage Splunk's topology, configure its internals, and engage the Splunk search engine from a PowerShell session.

Over 40 PowerShell-Splunk cmdlets support numerous search, deployment, and configuration scenarios, including:

Checking and managing Splunk services

  • Test Active Directory objects for Splunk services.
  • Query the status of Splunk services on a set of hosts.
  • Manage Splunk services on a set of hosts.
  • Restart Splunk.

Searching Splunk

  • View raw event data.
  • View event data in a table.
  • Specify alternate credentials for a Splunk search.

Deploying Splunk

  • Install a Splunk forwarder remotely using an MSI.
  • Install a Splunk forwarder remotely using GNU Wget.
  • Deploy forwarders to all hosts from Active Directory.
  • Deploy forwarders to all hosts in an Active Directory organizational unit.
  • Deploy forwarders to all hosts in an Active Directory group.
  • Deploy forwarders to all hosts in a domain.

Managing Splunk server classes

  • Retrieve a list of server classes.
  • Retrieve a list of deployment clients.
  • Create a new server class.
  • Remove a server class.
  • Add hosts from Active Directory to a server class whitelist.
  • Add hosts from an Active Directory organizational unit to a server class whitelist.
  • Add hosts from an Active Directory group to a server class whitelist.
  • Add a list of hosts from a Splunk search to a server class whitelist.
  • Add a host to the blacklist of an existing server class.
  • Add an entire domain to a server class whitelist.
  • Add a list of VM host names from Hyper-V to a server class whitelist.