TA - Splunk UF Upgrade Automation for Windows

TA - Splunk UF Upgrade Automation for Windows is the endpoint-side automation component for controlled Windows Universal Forwarder upgrade workflows. This TA is deployed to Windows Universal Forwarders and can validate staged Splunk Universal Forwarder MSI installers, check installed and target versions, create and start a Windows Scheduled Task, execute the upgrade process, stop and start the Splunk Universal Forwarder service, write upgrade logs, and track local JSON state. The app is designed to help administrators perform safer upgrade rollouts by preventing uncontrolled retry loops against the same MSI installer. If an installer has already reached a terminal state, the app can skip repeated attempts and log retry-prevention activity. When a retry is intentionally needed, the TA also includes controlled force retry and retry reset logic that can be enabled only for selected endpoints. All inputs are disabled by default for safety. Administrators should enable only the required inputs through Deployment Server server classes, local overrides, or approved configuration management. This TA works with the companion parsing app TA-windows_uf_upgrade_parsing, which provides index and sourcetype parsing support, and the optional monitoring app SA-windows_uf_upgrade_monitoring, which provides dashboards, reporting views, and troubleshooting workflows. This app is intended for Windows Universal Forwarders only. It should not be deployed to Search Heads, Indexers, Linux Universal Forwarders, or Splunk Cloud search/indexing tiers.