I installed this app as part of the SQL Server App for Splunk but this app could not start due to an error parsing the XML file.
I went to check the file and found out there was a missing
tag on line 138. The file instead has <> tags. Please could you fix that for other users
Try re-installing the Splunk App for SQL Server. Once you've done that and added all the files in their correct folders (TA-SQLServer, SA-PowerShell) in the etc\apps directory, follow the instructions in the app to get it installed.
After that's done, make sure to check out these next few steps to make sure it works in your environment:
I figured this one out, finally. Here's what I did:
Windows Server 2008 R2 and Windows 2012 R2 - Open PowerShell as Administrator
PS C:\> Get-ExecutionPolicy
If it's Restricted, then do the following:
PS C:\> Set-ExecutionPolicy Bypass
Say Yes to the Execution Policy Change.
Then run Get-ExecutionPolicy and see that it changed to Bypass:
PS C:\> Get-ExecutionPolicy
Bypass
Once you have that done, now you'll need to make one more change.
Open your SQL Server Management Studio and log in as sysadmin (sa). Go to Security -> Logins -> NT AUTHORITY\SYSTEM (Properties) and grant the user the sysadmin Server Role. Apply the change and restart your Splunk service. (Thanks Adrian: http://answers.splunk.com/answers/108974/problem-with-powershell-and-splunk_for_sqlserver-app)
Once you have all these steps done, then go into the app and run the Lookup Table Rebuilder (Searches & Reports -> Lookup Table Rebuilder).
Lastly, you can run the search:
index=mssql | stats count, values(sourcetype) by host
You should see the following source types show up:
MSSQL:Database:Health
MSSQL:Host:Memory
MSSQL:Instance:Service
MSSQL:Instance:User
Powershell:ScriptExecutionSummary
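A way to confirm the two prerequisites from the answer above (execution policy and the NT AUTHORITY\SYSTEM server role) before looking for data in Splunk. This is an added example, not part of the original answer or of the app; it assumes a default SQL Server instance on localhost, Windows authentication, and an elevated PowerShell prompt on the SQL Server host.

```powershell
# Added example: checks the two prerequisites from the steps above.
# Assumptions: default instance on localhost, Windows authentication,
# elevated prompt on the SQL Server host.
param([string]$SqlInstance = 'localhost')

# Execution policy per scope, plus the effective value for this session.
Get-ExecutionPolicy -List | Format-Table -AutoSize | Out-Host
$effective = Get-ExecutionPolicy

# Ask SQL Server whether NT AUTHORITY\SYSTEM is in the sysadmin role.
# IS_SRVROLEMEMBER returns 1 (member), 0 (not a member) or NULL
# (login not valid, or the caller may not see its membership).
$query = "SELECT IS_SRVROLEMEMBER('sysadmin', 'NT AUTHORITY\SYSTEM');"
$conn  = New-Object System.Data.SqlClient.SqlConnection
$conn.ConnectionString = "Server=$SqlInstance;Integrated Security=True"
try {
    $conn.Open()
    $cmd = $conn.CreateCommand()
    $cmd.CommandText = $query
    $raw = $cmd.ExecuteScalar()
}
catch {
    # Connection or query failure is reported and treated as "unknown".
    Write-Warning "SQL query failed: $($_.Exception.Message)"
    $raw = [System.DBNull]::Value
}
finally {
    $conn.Dispose()
}

if ($raw -is [System.DBNull]) { $isSysadmin = 'unknown' }
else                          { $isSysadmin = ($raw -eq 1) }

# One summary object covering both checks.
New-Object PSObject -Property @{
    EffectiveExecutionPolicy = $effective
    ScriptsBlocked           = ($effective -eq 'Restricted')
    SystemIsSysadmin         = $isSysadmin
}
```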
I have done this but I have no results. Does this app work?
Can you please clarify? Is it the Splunk App for SQL Server that won't start, or the Technology Add-on for Windows, or the Splunk Add-on for PowerShell?
Which file are you referring to?