The documentation here says: "This documentation applies to the following versions of Splunk® Enterprise: 6.3.0, 6.3.1, 6.3.2, 6.3.3, 6.3.4, 6.3.5, 6.3.6, 6.3.7, 6.3.8, 6.3.9, 6.3.10, 6.3.11, 6.3.12, 6.3.13, 6.4.0, 6.4.1, 6.4.2, 6.4.3, 6.4.4, 6.4.5, 6.4.6, 6.4.7, 6.4.8, 6.4.9, 6.4.10, 6.5.0, 6.5.1, 6.5.1612 (Splunk Cloud only), 6.5.2, 6.5.3, 6.5.4, 6.5.5, 6.5.6, 6.5.7, 6.5.8, 6.5.9, 6.6.0, 6.6.1, 6.6.2, 6.6.3, 6.6.4, 6.6.5, 6.6.6, 6.6.7, 6.6.8, 6.6.9, 7.0.0, 7.0.1, 7.0.2, 7.0.3, 7.0.4, 7.0.5, 7.1.0, 7.1.1, 7.1.2 " Are they meaning the version of Splunk on the Universal Forwarder or the version of Splunk on the server. In other words, if I have a Universal Forwarder running version 6.2.1, does that mean I need to deploy the Powershell add-on to that forwarder to be able to run a powershell script?

Yea, I too am confused because I really thought it used to declare itself not necessary (on the app entry or docs) but I don't see that. It doesn't include anything rich within props.conf so it's not looking like a necessity for knowledge object enrichment either.

Thanks for your answer.

So what kind of additional capabilities can we expect from this add-on ?

I think it is mostly intended to be a Splunk management tool. It allows you to configure, control, and query Splunk controls and data from powershell. It is kind of like an API or SDK for Splunk for Powershell.