Add a comment line to the outputs.conf on the deployment server. Something like: #new version That will be enough to cause an update following a deploy-server reload. ... View more

Ok, I think this ended up being a problem with Linux vs Windows line returns (e.g. adding ^M to the output.conf file on Linux before deployment). Manually editing the output.conf file on a Windows machine (or adding ^M to line returns) solved this issue. However, I can't seem to get splunk to re-deploy the new output.conf with ^M returns. Q: How can I tell Splunk to re-deploy output.conf to the UniversalForwarders? I've edited output.conf appropriately, and ran /opt/splunk/bin/splunk reload deploy-server The clients are "phoning home" to the deployment server, but they don't have the correct output.conf that I see in deployment-apps/Splunk_TA_windows/default/ ... View more