By default, Sumo Logic does not come with a PowerShell command option. To properly run a PowerShell script from within a Sumo Logic Script Source, we need to make sure that the Collector knows to use the PowerShell command to run the script. We also need to supply some formatting options for the resulting script output.

1. In the Sumo Logic Script Source configuration, select the Type the script to execute option. This allows you to use PowerShell interpreter to run the command.

2. Within the text box, enter the full command to run the script. This includes the powershell.exe, the script to run, as well as an additional parameter "-inputformat none", which describes the format of data sent to Windows PowerShell.

powershell.exe -inputformat none C:\scripts\Powershell\domainCollector.ps1

 

3. Set the Working Directory to a path with access to powershell.exe.

4. Lastly, when a script runs in Windows it may output the original script call as a message. Add an Exclude Filter to the Source configuration to prevent sending these lines to Sumo Logic. Using our sample command above, a working exclude filter would be:

.*domainController.ps1.*