Getting Data In
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

How should you specify the script file for PowerShell Modular Inputs

martinho
Explorer
‎10-26-2016 08:46 PM

The documentation for the PowerShell Modular Input states When you specify a script file (.ps1), prepend the script name with a period and a space (". ")

This is dot sourcing the script and means that any script scope variables will persist after the script has completed and can lead to subtle bugs during subsequent executions of the script. I think it would be better to use the call operator & instead. Read the
PowerShell about_Operators documentation for the details about these operators.

This applies to the documenation for 6.3.1 through to 6.5 when I last checked.

0 Karma
Reply

martinho
Explorer
‎10-27-2016 03:37 PM

I'm pretty sure the & call operator is the right way to go and using & definitely works. Looking at the comments in the documentation, it looks like a user suggested using the . dot source operator and a moderator accepted this suggestion without understanding the difference.

For some reason the hyperlinks are not working in the question markdown so I'm repeating them here

Splunk documentation for the PowerShell Modular Input
PowerShell Operators documentation
PowerShell Scopes documentation

0 Karma
Reply

ppablo
Retired
‎10-27-2016 03:41 PM

Hi @martinho

Your hyperlinks won't appear because you need a minimum of at least 50 karma points to post live links. You're going to have to edit your answer and actually paste the URLs you're trying to share with the community so people can copy and paste it themselves.

0 Karma
Reply

martinho
Explorer
‎10-27-2016 03:57 PM

@ppablo I don't have enough reputation to make more than 2 posts / edits a day. Sigh - the troubles of a second class citizien...

0 Karma
Reply

martinho
Explorer
‎10-27-2016 03:49 PM

Ah - interesting. Thanks for the insight. Pretty poor user experience though 🙂
Looks like this site is an older self hosted version of the Stack Exchange engine. Might have been better to go with a hosted version so it gets maintained.

0 Karma
Reply
Get Updates on the Splunk Community!

Stay Connected: Your Guide to May Tech Talks, Office Hours, and Webinars!

Take a look below to explore our upcoming Community Office Hours, Tech Talks, and Webinars this month. This ...

They're back! Join the SplunkTrust and MVP at .conf24

With our highly anticipated annual conference, .conf, comes the fez-wearers you can trust! The SplunkTrust, as ...

Enterprise Security Content Update (ESCU) | New Releases

Last month, the Splunk Threat Research Team had two releases of new security content via the Enterprise ...