Hi all,
I have setup the Splunk Add-on for Microsoft System Center Operations Manager (SCOM) and have successfully setup a performance input from SCOM and can see in the ta_scom.log that the PowerShell scripts are getting the objects. However, nothing is written to the index. In fact, I don't see the add-on sourcetypes at all ("microsoft:scom:*")
I've exhausted all the log files I can think of to look in for clues as to why the data never makes it into the index, but so far have come up empty. Any ideas as to what I'm missing or where else I can look to troubleshoot the issue?
Thanks in advance!
I found that the PowerShell scripts that are running for the Splunk Add-on for Microsoft Active Directory were causing some issue, not allowing the PowerShell scripts for the Splunk Add-on for SCOM to complete, so no data was getting into the index.
Steps I used to discover the issue (nothing in the logging provided a clue):
However, some add-ons/apps require the Splunk Add-on for Microsoft Active Directory. When I re-enabled it, the data from SCOM stopped being written again. Can anyone elaborate why this would be the case?
@DolEgon22 - Did your answer provide a working solution to your question? If yes and you would like to close out your post, don't forget to click "Accept". But if you'd like to keep it open for possibilities of other answers/comments, then you don't have to take action on it yet.
The details of the root cause have yet to be uncovered. I'll keep it open a little longer in case someone has some insight on the issue. Thanks!