Forum Discussion
When using "script" as the method, you provide the powershell script and make sure that your script outputs to stdout (through "Write-Content" or any of a couple other methods). So, your PS script will run on the collector, connect to whatever resource where you would normally run it, run the script, gather the results, format it as json, and output it to the "screen" (the stdout pipe). LM watches the stdout stream and any properly formatted json will result in event(s) being created. I'm not a PS guy, but i believe there are native cmdlets that let you take data and convert it to json.
Notice that in the json, the "events" object is followed directly by a [. This means that the json can contain a list of events. So, if your script would normally pick up on 4 things that need to be turned into alerts, it might look like this:
{ "events": [ { "happenedOn": "Thu Jan 21 14:25:00 PST 2016", "message": "This is the message of the event", "severity": "Warn", "source": "Custom" }, { "happenedOn": "Thu Jan 21 14:26:00 PST 2016", "message": "This is the message of the 2nd event", "severity": "Warn", "source": "Custom" }, { "happenedOn": "Thu Jan 21 14:27:00 PST 2016", "message": "This is the message of the 3rd event", "severity": "Warn", "source": "Custom" }, { "happenedOn": "Thu Jan 21 14:28:00 PST 2016", "message": "This is the message of the 4th event", "severity": "Warn", "source": "Custom" } ] }
Related Content
- 12 months ago
- 9 months ago
- 2 years ago