For that I created an app called SplunkUniversalForwarder in the deployment-apps of the deployment server. I chose the app-name deliberately the same as on the forwarders, because I hoped that the changes there will be updated to the same folder on the UF.
Inside of the /etc/deployment-apps/SplunkUniversalForwarder/local, I created limits.conf with the single parameter above.
My expectation was that this app will be distributed to the clients and the "local" directory will be created inside of the existing /opt/splunkforwarder/etc/apps/SplunkUniversalForwarder directory there.
This was the case, however the "default" directory there was wiped out. This means the app was distributed in the way that the existing one was overwritten.
Now, before I continue, I would like to ask what is the best practice to distribute the UF parametrisation like above via the deployment server. Per my understanding, if I use another app name, then it will be created on the UF, but will the limits.conf settings then be applied to the UF?
And what about upgrading the UF software to the higher version? Will it wipe out the changes I made in "local" above?
I mean I could copy-paste what is in the default/limits.conf to local/limits.conf on the deployment server and redistribute it, but my concern is if it stays there after the UF software upgrade ...