@pujan - To tell you simply what "Universal Forwarder Credentials" is: * An App that contains an SSL certificate and other stuff for Splunk UF to send data to your Splunk cloud stack. * Also, I think it contains outputs.conf, to specify where data will going to be forwarded (address of your cloud stack).   To collect the Windows logs, as I can see you have already downloaded the Add-on for Windows. You can follow its' documentation to see how to configure the inputs - https://docs.splunk.com/Documentation/AddOns/released/Windows/AbouttheSplunkAdd-onforWindows   If you have more than 2-3 windows forwarders to deploy same Windows input on, I would prefer to deploy all these Apps including UF Cloud Credentials App via deployment server. Reference - https://docs.splunk.com/Documentation/Splunk/9.1.3/Updating/Configuredeploymentclients   I hope this helps!!! ... View more

This is an old thread so you may be more likely to get responses from a new question. Have you tried untarring the file rather than using the splunk install command? 7-zip can be used to extract the .spl file to %SPLUNK_HOME%\etc\apps ... View more