Hello,  I have a PowerShell script that parses emails and pulls out specific header data that I want in Splunk. While writing the script I decided to have it output json as I thought that would be a good option to feed to splunk. I produced a sample json log file (one line json per message I want parsed) and setup a sourcetype via the interactive add data wizard. I then added that sourcetype to my app's props.conf.  My issue is I cannot seem to find the right way to get splunk to execute the powershell script. I've tried script:// with the ps1, with a .path file, and recently tried powershell:// with a script parameter. Nothing seems to be working.  Any guidance on how to make this would be great. I don't want to have to resort to a scheduled task running the script which outputs to a log file that splunk monitors, but I can do that if I need to.  Here is my inputs.conf that I tried:   [script://$SPLUNK_HOME/etc/apps/phishalert/bin/phishalert_output.ps1] disabled = 1 interval = 300 index = email source = phishalert sourcetype = phishalert [script://$SPLUNK_HOME/etc/apps/phishalert/bin/phishalert_output.path] disabled = 1 interval = 300 index = email source = phishalert sourcetype = phishalert [powershell://PhishAlertOutput] disabled = 1 script = . "$SPLUNKHOME/etc/apps/phishalert/bin/phishalert_output.ps1" schedule = */5 * * * * sourcetype = phishalert   Here is the props.conf: [phishalert] DATETIME_CONFIG = INDEXED_EXTRACTIONS = json KV_MODE = none LINE_BREAKER = ([\r\n]+) TIMESTAMP_FIELDS = timestamp category = Structured description = Phish alert json data. disabled = false pulldown_type = true   ... View more

I have a script that I am generating a json formatted log file entries. I want to get this data into Splunk. What is the best way to write the data to disk to be monitored and ingested? Should I just append json data into a single file, or should the log file have only one entry at a time, and I overwrite/clear the file each time I need to add new data?   ... View more