I am trying to write a powershell script that automates Splunk’s oneshot command which will explicitly reindex a log file contained in a monitored directory. Given a range of dates, the script will traverse the directory in which the log files are kept, and execute oneshot once for each file that targets that date (there are typically between 50 and 110 or so per day). I am definitely not what you would call a “powershell guru” by any means, which is what brings me here.

When taking a closer look, Invoke-Expression seems to be starting a separate cmd.exe instance each time it’s called. This results in either the splunkd daemon to crash, or for cmd.exe to crash.

That being said, are there better alternatives to using Invoke-Expression? It appears that my script isn’t waiting for each invoked expression to complete before it fires off the next one, and that is causing adverse effects on the server. I’ve read this happens when using Invoke-Expression to call into external non-console applications. In this case, I’m calling into splunk.exe to execute the command, so that makes sense.

I am considering utilizing the scripting host instead of using Invoke-Expression, but first wanted to ask the pros here at StackOverflow for some potential alternatives 🙂

That being said, has anyone run into a similar problem in the past, and if so what alternative did you go with? Alternatively, are there other powershell tools I could use in place of Invoke-Expression that would not only do the job, but would provide more stable execution? Any help/suggestions are much appreciated!