Command (Exec) Source
yaml
sources:
  cmd_ls:
    type: cmd
    cmd: ls
    # scheduled or streaming
    mode: scheduled
    args:
      - -l
      - -h
    workingDir: /foo
    # Interval between each invocation of the cmd
    interval: 60

    # Output mode when using mode 'scheduled'. Either 'streaming' (default) or 'consolidateOutput'.
    # When outputMode is set to 'consolidateOutput', the entire output of the scheduled command is sent as a single event.
    # outputMode: consolidateOutput

    # Environment variables can be configured and passed to the command
    environment:
      # define CONFIGURED_ENV1 as environment variable
      CONFIGURED_ENV1: my_configured_env_1
      # Pass environment variable: MY_ENV_VAR to command
      MY_ENV_VAR: $MY_ENV_VAR
    sink: my_humio

  cmd_tail:
    type: cmd
    cmd: tail
    mode: streaming
    args:
      - -F
    workingDir: /foo
    sink: my_humio

sinks:
  my_humio:
    type: humio
    token: <ingest-token-repo2> or an environment variable
    url: https://cloud.us.humio.com
    compression: gzip
    compressionLevel: 9
    tls:
      insecure: false

        -----BEGIN CERTIFICATE-----
        ...
        -----END CERTIFICATE-----
      caFile: /etc/ssl/cert.pem

    proxy: none

    queue:
      fullAction: deleteOldest
      memory:
        flushTimeOutInMillisecond: 200
        maxLimitInMB: 1024
# Example of exec source executing powershell to pass the script.
 powershell_monitor:
    type: cmd
    # Using PowerShell with -Command parameter to execute the script
    cmd: powershell
    mode: scheduled
    interval: 300  # Run every 5 minutes
    args:
      - -NoProfile
      - -NonInteractive
      - -Command
      - |
        # Multi-line PowerShell script
        $computerInfo = Get-ComputerInfo
        $processes = Get-Process | Select-Object -First 5
        $memory = Get-CimInstance Win32_OperatingSystem | Select-Object FreePhysicalMemory,TotalVisibleMemorySize

        # Create custom object with collected data
        $result = @{
            'Hostname' = $computerInfo.CsName
            'OS_Version' = $computerInfo.WindowsVersion
            'Top_Processes' = ($processes | ForEach-Object { $_.ProcessName }) -join ','
            'Free_Memory_GB' = [math]::Round($memory.FreePhysicalMemory/1MB, 2)
            'Total_Memory_GB' = [math]::Round($memory.TotalVisibleMemorySize/1MB, 2)
            'Timestamp' = Get-Date -Format "yyyy-MM-dd HH:mm:ss"
        }

        # Output as JSON
        ConvertTo-Json -InputObject $result
    sink: my_humio

Table: Command Source

ParameterTypeRequiredDefault ValueDescription
argsarray of stringsoptional[a] [] The arguments of the command.
cmdstringrequired   Command-line log source.
envstringoptional[a]   Specify the Environment variables and pass them to commands using this section.
intervalintegeroptional[a] 60 Specifies how frequently the command should be invoked when set to scheduled. Specified in seconds.
modecmdmoderequired   Specify the mode in which to collect data.
   Values
   scheduledcollect data at intervals in which case you must specify aninterval, To create a single multiline event when running in the schedule mode set the option consolidateOutput to true.
   streamingcollect data constantly.
outputModecmdoutputmodeoptional[a] streaming Specify the mode with which to collect data.
   Values
   consolidateOutputCreate a single multiline event when running in the schedule mode set the
   streamingCollect data continously.
parserstringoptional[a]   Specify the name of the parser to use for this source, if required. If a parser is already assigned to the ingest token, this value will be ignored.
sinkstringrequired   Name of the sink, which you configured in sinks, that should be sent the collected events.
transformstransformoptional[a]   Specify transforms to use for this source (optional), if static_field is specified you must specify a key and a value which can be an environment variable for example myenvvar:$MY_ENV_VAR
typecmdrequired   The sources block configures the sources of data that the log collector will send to Falcon LogScale.
workingDirstringoptional[a]   Specifies the directory in which to run the command.

[a] Optional parameters use their default value unless explicitly set.