Edits Splunk Universal Forwarder config files to change the log source name. Useful for Citrix MCS and PVS images.

ChangeSplunkServerName.ps1

<# 
Edits the SplunkUniversalForwarder config files to put in the correct hostname, restarts the service.
Running as an Windows Startup Script is reccomended. 
#> 

# Target files and strings, thank you grep for windows. 
# C:\Program Files\SplunkUniversalForwarder\etc\system/local/inputs.conf:host = servernamehere
# C:\Program Files\SplunkUniversalForwarder\etc\system/local/server.conf:serverName = servernamehere

# First, cehck that the Universal Forwarder is installed. 
if (-Not (Test-Path -Path "$env:ProgramFiles\SplunkUniversalForwarder\bin\splunkd.exe" -PathType Leaf)) {
    Exit # Nothing to do. 
}

$CONFinputs = "$env:ProgramFiles\SplunkUniversalForwarder\etc\system\local\inputs.conf"
$CONFserver = "$env:ProgramFiles\SplunkUniversalForwarder\etc\system\local\server.conf"

# Open inputs.conf ($CONFinputs) for writing. 
$content = Get-Content $CONFinputs
#RegExp Pattern
$pattern = 'host = (.+).*'
$replacment = "host = $env:COMPUTERNAME"

$content = $content -replace $pattern,$replacment
# Write the new config file. 
$content | Set-Content $CONFinputs

# Open server.conf ($CONFserver) for writing. 
$content = Get-Content $CONFserver
#RegExp Pattern
$pattern = 'serverName = (.+).*'
$replacment = "serverName = $env:COMPUTERNAME"

$content = $content -replace $pattern,$replacment
$content | Set-Content $CONFserver

# Restart the Service. 
Restart-Service -Name SplunkForwarder