Problem with powershell and Splunk_for_SQLServer app

adylent
Path Finder

I'm trying to get the Splunk_for_SQLServer app to work. I notice that some of my PowerShell scripts are executing, but some are not. The PowerShell app offers a really nice sourcetype=Powershell:ScriptExecutionErrorRecord field. Below is the error I'm seeing; I'm at a loss as to why it would complain about GetDirectoryRoot. Does anyone have any experience with this error, or have some tips to better debug this? The host is Windows Server 2008 R2 Enterprise.

Thanks

ParentIdentity="3e7a6cdb-5689-4227-9f10-b2764696858b" ErrorIndex="0" ErrorMessage="Exception calling "GetDirectoryRoot" with "1" argument(s): "The path is not of a legal form."" PositionMessage="At C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-SQLServer\bin\Common.psm1:217 char:5 +                 $LVM = [IO.Directory]::GetDirectoryRoot($_.PrimaryFilePath) +                 ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" CategoryInfo="NotSpecified: (:) [], MethodInvocationException" FullyQualifiedErrorId="ArgumentException" Exception="System.Management.Automation.MethodInvocationException: Exception calling "GetDirectoryRoot" with "1" argument(s): "The path is not of a legal form." ---> System.ArgumentException: The path is not of a legal form.    at System.IO.Path.NormalizePath(String path, Boolean fullCheck, Int32 maxPathLength, Boolean expandShortPaths)    at System.IO.Directory.GetDirectoryRoot(String path)    at CallSite.Target(Closure , CallSite , RuntimeType , Object )    --- End of inner exception stack trace ---    at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception)    at System.Management.Automation.Interpreter.ActionCallInstruction`2.Run(InterpretedFrame frame)    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)    at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame)    at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame)    at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0)    at System.Management.Automation.ScriptBlock.InvokeWithPipeImpl(Boolean createLocalScope, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Object[] args)    at 
System.Management.Automation.ScriptBlock.<>c__DisplayClass4.<InvokeWithPipe>b__2()    at System.Management.Automation.Runspaces.RunspaceBase.RunActionIfNoRunningPipelinesWithThreadCheck(Action action)    at System.Management.Automation.ScriptBlock.InvokeWithPipe(Boolean useLocalScope, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Pipe outputPipe, InvocationInfo invocationInfo, Object[] args)    at System.Management.Automation.ScriptBlock.InvokeUsingCmdlet(Cmdlet contextCmdlet, Boolean useLocalScope, ErrorHandlingBehavior errorHandlingBehavior, Object dollarUnder, Object input, Object scriptThis, Object[] args)    at Microsoft.PowerShell.Commands.ForEachObjectCommand.ProcessRecord()    at System.Management.Automation.CommandProcessor.ProcessRecord()" InnerException="System.ArgumentException: The path is not of a legal form.    at System.IO.Path.NormalizePath(String path, Boolean fullCheck, Int32 maxPathLength, Boolean expandShortPaths)    at System.IO.Directory.GetDirectoryRoot(String path)    at CallSite.Target(Closure , CallSite , RuntimeType , Object )" 

index = mssql source = Powershell sourcetype = Powershell:ScriptExecutionErrorRecord

0 Karma
1 Solution

ahall_splunk
Splunk Employee

You have not given NT AUTHORITY\SYSTEM (or whichever user is running the Universal Forwarder on your SQL Server) the sysadmin permission. Go into SQL Server Management Studio and connect to the SQL Server instance, expand Security -> User Logins, right-click on NT AUTHORITY\SYSTEM and select Properties. Then click on Server Roles and check the "sysadmin" role. Click on Apply.

thuhnv
New Member

I already did the command above but still cannot run PowerShell for MSSQL Splunk; the error is "The user does not have permission to perform this action". This MSSQL server is run as NTService. Does this account not have the VIEW SERVER STATE permission?

ParentIdentity="352622ab-0b19-41fd-9d16-0b9d5f58c175" ErrorIndex="0" ErrorMessage="Exception calling "Fill" with "1" argument(s): "The user does not have permission to perform this action."" PositionMessage="At C:\Program Files\SplunkUniversalForwarder\etc\apps\TA-SQLServer\bin\SQL.psm1:80 char:13 + $Adapter.Fill($DataSet) | Out-Null + ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~" CategoryInfo="NotSpecified: (:) [], MethodInvocationException" FullyQualifiedErrorId="SqlException" Exception="System.Management.Automation.MethodInvocationException: Exception calling "Fill" with "1" argument(s): "The user does not have permission to perform this action." ---> System.Data.SqlClient.SqlException: The user does not have permission to perform this action. at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action1 wrapCloseInAction) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData() at System.Data.SqlClient.SqlDataReader.get_MetaData() at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource1 completion, Int32 timeout, Task& task, Boolean asyncWrite) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean 
returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior) at System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet) at CallSite.Target(Closure , CallSite , Object , Object ) --- End of inner exception stack trace --- at System.Management.Automation.ExceptionHandlingOps.CheckActionPreference(FunctionContext funcContext, Exception exception) at System.Management.Automation.Interpreter.ActionCallInstruction2.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.EnterTryCatchFinallyInstruction.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.Interpreter.Run(InterpretedFrame frame) at System.Management.Automation.Interpreter.LightLambda.RunVoid1[T0](T0 arg0) at System.Management.Automation.PSScriptCmdlet.RunClause(Action1 clause, Object dollarUnderbar, Object inputToProcess) at System.Management.Automation.PSScriptCmdlet.DoProcessRecord() at System.Management.Automation.CommandProcessor.ProcessRecord()" InnerException="System.Data.SqlClient.SqlException (0x80131904): The user does not have permission to perform this action. 
at System.Data.SqlClient.SqlConnection.OnError(SqlException exception, Boolean breakConnection, Action1 wrapCloseInAction) at System.Data.SqlClient.TdsParser.ThrowExceptionAndWarning(TdsParserStateObject stateObj, Boolean callerHasConnectionLock, Boolean asyncClose) at System.Data.SqlClient.TdsParser.TryRun(RunBehavior runBehavior, SqlCommand cmdHandler, SqlDataReader dataStream, BulkCopySimpleResultSet bulkCopyHandler, TdsParserStateObject stateObj, Boolean& dataReady) at System.Data.SqlClient.SqlDataReader.TryConsumeMetaData() at System.Data.SqlClient.SqlDataReader.get_MetaData() at System.Data.SqlClient.SqlCommand.FinishExecuteReader(SqlDataReader ds, RunBehavior runBehavior, String resetOptionsString) at System.Data.SqlClient.SqlCommand.RunExecuteReaderTds(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, Boolean async, Int32 timeout, Task& task, Boolean asyncWrite) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method, TaskCompletionSource1 completion, Int32 timeout, Task& task, Boolean asyncWrite) at System.Data.SqlClient.SqlCommand.RunExecuteReader(CommandBehavior cmdBehavior, RunBehavior runBehavior, Boolean returnStream, String method) at System.Data.SqlClient.SqlCommand.ExecuteReader(CommandBehavior behavior, String method) at System.Data.SqlClient.SqlCommand.ExecuteDbDataReader(CommandBehavior behavior) at System.Data.Common.DbCommand.System.Data.IDbCommand.ExecuteReader(CommandBehavior behavior) at System.Data.Common.DbDataAdapter.FillInternal(DataSet dataset, DataTable[] datatables, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet, Int32 startRecord, Int32 maxRecords, String srcTable, IDbCommand command, CommandBehavior behavior) at System.Data.Common.DbDataAdapter.Fill(DataSet dataSet) at CallSite.Target(Closure , CallSite , Object 
, Object ) ClientConnectionId:d282bfa2-5544-452c-816f-d24f9f163ddb"

0 Karma

ahall_splunk
Splunk Employee

You have not given NT AUTHORITY\SYSTEM (or whichever user is running the Universal Forwarder on your SQL Server) the sysadmin permission. Go into SQL Server Management Studio and connect to the SQL Server instance, expand Security -> User Logins, right-click on NT AUTHORITY\SYSTEM and select Properties. Then click on Server Roles and check the "sysadmin" role. Click on Apply.

adylent
Path Finder

Thank you! This was the issue, and things are now looking much better.

0 Karma
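
A way to see what the forwarder's account is actually allowed to do on the instance, added here as an example and not part of the original thread or of the TA-SQLServer code. Run it as the same account the Universal Forwarder runs as; the instance name `localhost` and the function name `Get-SqlLoginRights` are assumptions.

```powershell
# Added example (not TA-SQLServer code): report the SQL Server rights of the
# Windows identity this script runs under, over the same System.Data.SqlClient
# stack that appears in the error records above.
param(
    [string]$ServerInstance = 'localhost'   # assumption: placeholder instance name
)

function Get-SqlLoginRights {
    param([Parameter(Mandatory = $true)][string]$ServerInstance)

    # Built-in T-SQL functions; NULL securable + NULL class means "server level".
    $query = @'
SELECT SUSER_SNAME()                                        AS LoginName,
       IS_SRVROLEMEMBER('sysadmin')                         AS IsSysadmin,
       HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW SERVER STATE')   AS HasViewServerState,
       HAS_PERMS_BY_NAME(NULL, NULL, 'VIEW ANY DEFINITION') AS HasViewAnyDefinition;
'@

    $conn = New-Object System.Data.SqlClient.SqlConnection
    $conn.ConnectionString = "Server=$ServerInstance;Database=master;Integrated Security=SSPI"
    try {
        $conn.Open()
        $cmd = $conn.CreateCommand()
        $cmd.CommandText = $query
        $adapter = New-Object System.Data.SqlClient.SqlDataAdapter $cmd
        $table = New-Object System.Data.DataTable
        [void]$adapter.Fill($table)
        $row = $table.Rows[0]

        New-Object psobject -Property @{
            WindowsIdentity      = [Security.Principal.WindowsIdentity]::GetCurrent().Name
            SqlLogin             = $row.LoginName
            IsSysadmin           = ($row.IsSysadmin -eq 1)
            HasViewServerState   = ($row.HasViewServerState -eq 1)
            HasViewAnyDefinition = ($row.HasViewAnyDefinition -eq 1)
        }
    }
    catch {
        # Login failures and permission errors surface here with the server's own message.
        Write-Warning ("Check against '{0}' failed: {1}" -f $ServerInstance,
                       $_.Exception.GetBaseException().Message)
    }
    finally {
        $conn.Dispose()
    }
}

Get-SqlLoginRights -ServerInstance $ServerInstance
```

`WindowsIdentity` shows which account the check really ran as, and `HasViewServerState` corresponds to the permission asked about in the follow-up post.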