What I ended up doing was copying the .spl file here (after creating the Desktop folder): C:\Program Files\SplunkUniversalForwarder\bin\Desktop. Then I copy the applicable Forwarder Management app folders here: C:\Program Files\SplunkUniversalForwarder\etc\apps. The best way I found was to compare the folders on your test machine to a computer that you previously set up "correctly," and then copy over any missing folders. These will generally be the same folders every time.

Then I open an administrator command prompt and run these commands:

    cd "C:\Program Files\SplunkUniversalForwarder\bin"
    splunk restart

Once the last command finishes, you should be good to go.

My PDQ deployment looks like this:

Step 1: Install Universal Forwarder

Step 2: PowerShell script

    New-Item -ItemType "directory" -Path "C:\Program Files\SplunkUniversalForwarder\bin\Desktop"

Step 3: File Copy - Copy .spl file into the folder created in step 2.

Step 4: File Copy - Copy any needed app folders into here (if multiple app folders need to be copied over, each folder will be its own step in PDQ): C:\Program Files\SplunkUniversalForwarder\etc\apps

Step 5: Command Prompt

    cd "C:\Program Files\SplunkUniversalForwarder\bin"
    splunk restart

Hope this is helpful!
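An added example (not part of the original post) of the folder comparison the post describes: it copies only the app folders that exist in a reference copy of etc\apps but are missing on the local forwarder, then restarts the forwarder. The reference share path and the parameter names are assumptions; run it with -WhatIf first to list what would be copied.

```powershell
# Added example, not the poster's script.
# $ReferenceApps is a hypothetical placeholder: a copy of etc\apps taken from
# a forwarder that is already set up correctly.
[CmdletBinding(SupportsShouldProcess)]
param(
    [string]$ReferenceApps = '\\fileserver\share\splunk-reference-apps',
    [string]$SplunkHome    = 'C:\Program Files\SplunkUniversalForwarder'
)

$ErrorActionPreference = 'Stop'
$localApps = Join-Path $SplunkHome 'etc\apps'

# Fail early if either side of the comparison is missing.
if (-not (Test-Path -LiteralPath $ReferenceApps -PathType Container)) {
    throw "Reference apps folder not found: $ReferenceApps"
}
if (-not (Test-Path -LiteralPath $localApps -PathType Container)) {
    throw "Universal Forwarder apps folder not found: $localApps"
}

# Compare top-level app folder names (case-insensitive, as on NTFS).
$refNames   = @(Get-ChildItem -LiteralPath $ReferenceApps -Directory |
                Select-Object -ExpandProperty Name)
$localNames = @(Get-ChildItem -LiteralPath $localApps -Directory |
                Select-Object -ExpandProperty Name)
$missing    = @($refNames | Where-Object { $localNames -notcontains $_ })

if ($missing.Count -eq 0) {
    Write-Output 'No app folders missing; nothing copied.'
    return
}

# Copy only the missing folders; existing local apps are left untouched.
foreach ($name in $missing) {
    $src = Join-Path $ReferenceApps $name
    if ($PSCmdlet.ShouldProcess($name, "Copy app folder into $localApps")) {
        Copy-Item -LiteralPath $src -Destination $localApps -Recurse
        Write-Output "Copied $name"
    }
}

# Same restart the post runs from the bin folder.
if ($PSCmdlet.ShouldProcess('Splunk Universal Forwarder', 'splunk restart')) {
    & (Join-Path $SplunkHome 'bin\splunk.exe') restart
}
```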