I now have this working. My issue was one of credentials. My Splunk install on Windows was running splunkd as LocalSystem, but my own user account doing the testing was the one which had permission to access the SCOM server via PowerShell. To see the actual error I had to start a PowerShell session using AT, then manually run the PowerShell script. My workaround for now is that I have changed the splunkd service to run under my own user account.
Also, one improvement to the code. In scom_client.ps1, make the following change:
#write-host ("ComputerName=" + $alert.MonitoringObjectDisplayName);
write-host ("ComputerName=" + $alert.NetbiosComputerName);
This is more accurate, as the monitoring object display name can contain things like "Terminal Services" and other such objects. Sadly it isn't a full fix, and some alert types are not related to hosts, such as Active Directory objects etc. I'll post a better solution shortly.