Transcript is not a good idea in combination with Splunk or Elasticsearch, because it simply echoes whatever was sent to the console; whatever ends up in Splunk will not be very coherent or make sense. The recommended way of combining PowerShell and logging is to use scriptblock logging. Like...
You must log PowerShell activity at a specific level and add those logs to Splunk UBA for the PowerShell Activity model to work. By logging PowerShell activity and analyzing the commands with Splunk UBA, you can identify indicators of compromise corresponding to malicious activity by a user or ...