TA - Splunk UF Upgrade Parsing for Windows provides the parsing-tier and indexing support for the Splunk Windows Universal Forwarder Upgrade App solution.
This TA defines the `splunk_upgrade` index and sourcetype parsing behavior used by Windows Universal Forwarder upgrade telemetry generated by the companion endpoint automation TA.
It supports operational upgrade logs, retry-control logs, and verbose MSI installer logs, including:
* Setup and validation events
* Upgrade execution events
* Splunk service stop/start events
* MSI upgrade result events
* Installer cleanup events
* JSON state tracking events
* Retry-loop prevention events
* Controlled force retry events
* Retry reset events
* Verbose MSI installer logs
This TA is intended for the parsing and indexing tier, including indexers, indexer clusters, and heavy forwarders when heavy forwarders perform parsing before forwarding data to indexers.
This TA does **not** perform endpoint upgrades, run PowerShell scripts, create Windows Scheduled Tasks, collect endpoint logs directly, or provide dashboards. Endpoint upgrade automation is handled by `TA-windows_uf_upgrade_automation`, and dashboard/reporting visibility is handled by `SA-windows_uf_upgrade_monitoring`.
Deploy this TA before enabling endpoint log collection at scale to ensure the `splunk_upgrade` index exists and upgrade events are parsed consistently.