Splunk PowerShell Resource Kit

The Splunk PowerShell Resource Kit has been deprecated. This project is not active and is no longer being supported.

Using the Splunk PowerShell Resource Kit, Windows administrators can manage and extend their Splunk environment to support a variety of tasks. With this first version of the resource kit, administrators can manage Splunk's topology, configure its internals, and engage the Splunk search engine from a PowerShell session.

Over 40 PowerShell-Splunk cmdlets support numerous search, deployment, and configuration scenarios, including:

Checking and managing Splunk services

  • Test Active Directory objects for Splunk services.
  • Query the status of Splunk services on a set of hosts.
  • Manage Splunk services on a set of hosts.
  • Restart Splunk.

Searching Splunk

  • View raw event data.
  • View event data in a table.
  • Specify alternate credentials for a Splunk search.

Deploying Splunk

  • Install a Splunk forwarder remotely using an MSI.
  • Install a Splunk forwarder remotely using GNU Wget.
  • Deploy forwarders to all hosts from Active Directory.
  • Deploy forwarders to all hosts in an Active Directory organizational unit.
  • Deploy forwarders to all hosts in an Active Directory group.
  • Deploy forwarders to all hosts in a domain.

Managing Splunk server classes

  • Retrieve a list of server classes.
  • Retrieve a list of deployment clients.
  • Create a new server class.
  • Remove a server class.
  • Add hosts from Active Directory to a server class whitelist.
  • Add hosts from an Active Directory organizational unit to a server class whitelist.
  • Add hosts from an Active Directory group to a server class whitelist.
  • Add a list of hosts from a Splunk search to a server class whitelist.
  • Add a host to the blacklist of an existing server class.
  • Add an entire domain to a server class whitelist.
  • Add a list of VM host names from Hyper-V to a server class whitelist.