I am trying to create a golden image of Windows 2008r2 with a Splunk forwarder on it. I tried running the command SplunkUniversalForwarder\bin\splunk cone-prep-clear-config, but I got an error stating cone-prep-clear-config is not a valid command. I have successfully ran this command on Linux. Am I supposed to use some other command for Windows?
PS C:\Program Files\SplunkUniversalForwarder\bin> .\splunk.exe cone-prep-clear-config
Command error: 'cone-prep-clear-config' is not a valid command. Please run 'splunk help' to see the valid commands.
Data forwarding configuration management tools.
enable local-index [-parameter <value>] ...
disable local-index [-parameter <value>] ...
add [forward-server|search-server] server
remove [forward-server|search-server] server
forward-server a Splunk forwarder to forward data to be indexed
search-server a Splunk server to forward searches
local-index a local search index on the Splunk server
Make sure when you install the universal forwarder that you use the command line switch LAUNCHSPLUNK=0
That stops the universal forwarder from starting after the installation is complete otherwise the splunk.exe clone-prep-clear-config command won't be able to clear all the files.
Make sure this is the last thing you do before you power off the master/golden image for the last time. If you reboot you will need to stop the universal forwarder service again and rerun the splunk.exe clone-prep-clear-config command again.