I have installed the Splunk Universal Forwarder version 6.3.4 on a RedHat 7.1 server and, after disabling the management port the splunkd process crashes. For disabling the default port we use an app with server.conf as follows:
disableDefaultPort = true
This configuration works fine with older versions of Splunk Universal forwarder like 6.1.6 or 6.2.5
If its crashing, you should see a crash log in the var/log/splunk directory. Try stripping out any other changes you've made to the forwarder, and just try restarting with the management port disabled. Does it still crash? You might want to open a support ticket for this.
Yes, there's a crash file in /var/log/splunk directory. Restarting splunk with the management port disabled makes it crash again and again.
Any reason to use 6.3.4? You may try the newer builds: 6.3.6 or 6.4.2 and see if it works.