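function Send-ToSplunk {
    <#
    .SYNOPSIS
    Posts each input object as one event to a Splunk HTTP Event Collector (HEC) endpoint.

    .DESCRIPTION
    Every object in -Message is serialised to JSON and wrapped in an envelope that
    carries the current UTC epoch time and $env:COMPUTERNAME as the host. On
    PowerShell 3 and later the event is sent with ConvertTo-Json / Invoke-RestMethod;
    on older versions it is sent with JavaScriptSerializer and a raw web request.
    When no message is supplied, a 'Hello World!' test event is sent instead.

    .PARAMETER Message
    Objects to send, one HEC event per object. Accepts pipeline input.

    .PARAMETER SplunkHecUri
    URI of the HEC collector endpoint. The default is a placeholder host.

    .PARAMETER SplunkHecApiKey
    HEC token used to build the default Authorization header. The default is a
    placeholder value, not a usable token.

    .PARAMETER SplunkHecRestHeaders
    Request headers. Defaults to an Authorization header built from -SplunkHecApiKey.
    Both code paths send exactly these headers.

    .NOTES
    Security: the default URI uses plain http, which sends the HEC token and the
    event data unencrypted. Pass an https:// URI and supply the token at call time
    rather than editing a real token into the parameter default.
    ConvertTo-Json is called without -Depth, so its default depth limit applies to
    nested objects.
    #>
    [CmdletBinding()]
    param (
        [Parameter(ValueFromPipeline=$true)]
        [System.Object[]]
        $Message,

        [Parameter()]
        [string]
        $SplunkHecUri = 'http://splunk.example.com:8088/services/collector',

        [Parameter()]
        [string]
        $SplunkHecApiKey = 'DEADBEEF-DEAD-BEEF-DEAD-BEEFDEADBEEF',

        [Parameter()]
        [System.Collections.Hashtable]
        $SplunkHecRestHeaders = @{ Authorization = "Splunk $SplunkHecApiKey" }
    ) #param

    begin {
        # The Authorization header carries the HEC token; without TLS it is readable on the wire.
        if ($SplunkHecUri -notmatch '^https://') {
            Write-Warning 'SplunkHecUri does not use https; the HEC token and event data will be sent unencrypted.'
        } #if
    } #begin

    process {
        if (-not $Message) {
            # No input: fall back to a small test event.
            $Message = New-Object -TypeName psobject -Property @{
                ComputerName = $env:COMPUTERNAME
                UserName     = $env:USERNAME
                Message      = 'Hello World!'
            }
        } #if

        # Epoch seconds from UTC, formatted with the invariant culture so the decimal
        # separator is always '.' (a ',' from the current culture would corrupt the time field).
        $Epoch = New-Object -TypeName System.DateTime -ArgumentList 1970, 1, 1, 0, 0, 0, ([System.DateTimeKind]::Utc)
        [string] $EpochTime = [datetime]::UtcNow.Subtract($Epoch).TotalSeconds.ToString([System.Globalization.CultureInfo]::InvariantCulture)

        # Encode the payload explicitly as UTF-8; a char-to-byte cast fails or mangles
        # any character outside the single-byte range.
        $Utf8 = [System.Text.Encoding]::UTF8
        $PowerShellVersion = $PSVersionTable.PSVersion.Major

        if ($PowerShellVersion -ge 3) {
            $Message | ForEach-Object {
                $JsonEvent = $_ | ConvertTo-Json -Compress
                $Payload = "{`"time`": `"$EpochTime`",`"host`": `"$($env:COMPUTERNAME)`",`"event`": $JsonEvent}"
                $SplatArgs = @{
                    Uri     = $SplunkHecUri
                    Headers = $SplunkHecRestHeaders
                    Method  = 'Post'
                    Body    = $Utf8.GetBytes($Payload)
                }
                Invoke-RestMethod @SplatArgs | Out-Null
            } #ForEach
        } else {
            Add-Type -AssemblyName System.Web
            # JavaScriptSerializer is defined in System.Web.Extensions, not System.Web.
            Add-Type -AssemblyName System.Web.Extensions
            $PsJs = New-Object -TypeName System.Web.Script.Serialization.JavaScriptSerializer

            $Message | ForEach-Object {
                $JsonEvent = $PsJs.Serialize($_)
                [byte[]] $Body = $Utf8.GetBytes("{`"time`": `"$EpochTime`",`"host`": `"$($env:COMPUTERNAME)`",`"event`": $JsonEvent}")

                # WebRequest.Create exists on every .NET Framework version; CreateHttp only from 4.5.
                $Request = [System.Net.WebRequest]::Create($SplunkHecUri)
                $Request.Method = 'POST'

                # Send the caller's headers, as the PowerShell 3+ path does, instead of
                # always rebuilding Authorization from -SplunkHecApiKey.
                if ($SplunkHecRestHeaders) {
                    foreach ($HeaderName in $SplunkHecRestHeaders.Keys) {
                        $Request.Headers.Add([string] $HeaderName, [string] $SplunkHecRestHeaders[$HeaderName])
                    } #foreach
                } #if

                $Stream = $Request.GetRequestStream()
                try {
                    $Stream.Write($Body, 0, $Body.Length)
                } finally {
                    $Stream.Close()
                } #try

                # Close the response so the connection is released; unclosed responses
                # hold connections open and can stall later requests to the same host.
                $Response = $Request.GetResponse()
                $Response.Close()
            } #ForEach
        } #if
    } #process
} #function Send-ToSplunk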