When I'm trying to install the splunkclouduf.spl file, I run into an error that a tmp directory doesn't exist. I got Splunk installed on one host just fine, with the exact same configuration (Amazon Linux, 2017.09.1.20180115). Nothing else is installed on these servers except the Splunk forwarder. I've tried on a third host, and got the same error:
[root@<hostname> ~]# /opt/splunkforwarder/bin/splunk install app splunkclouduf.spl -auth admin:changeme
Error during app install: failed to extract app from /root/splunkclouduf.spl to /opt/splunkforwarder/var/run/splunk/bundle_tmp/2d5c2511cc4a37f4: No such file or directory
I've tried changing /opt/splunkforwarder/var/run/splunk/bundle_tmp to 777 for testing, and that did not work.
I was having the same issue. The problem I discovered was that when using wget or curl to download splunkclouduf.spl, the resulting file was HTML and not the intended download. This was discovered by looking at the file contents using the head command. By downloading in a browser, then copying over to the intended system, the installation went correctly.
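Added example, not part of the original thread: a pre-install check that automates the inspection described in the answer above, telling a real app package apart from an HTML page saved by wget or curl. It assumes a .spl package is a gzip-compressed tar archive; the function names check_spl and make_samples and the sample files are constructed for illustration.

```shell
#!/bin/sh
# Added example: sanity-check a downloaded Splunk app package before install.
# Assumption: a .spl package is a gzip-compressed tar archive.

# check_spl FILE -> 0 = gzip tar archive, 1 = HTML page, 2 = missing or other
check_spl() {
    f=$1
    [ -s "$f" ] || { echo "$f: missing or empty" >&2; return 2; }

    # gzip streams start with the magic bytes 1f 8b.
    magic=$(head -c 2 "$f" | od -An -tx1 | tr -d ' \n')
    if [ "$magic" = "1f8b" ]; then
        # Confirm the archive lists cleanly before handing it to the installer.
        tar -tzf "$f" >/dev/null 2>&1 && return 0
        echo "$f: gzip header present but archive is corrupt or truncated" >&2
        return 2
    fi

    # A login-gated URL fetched without a session typically yields a web page.
    if head -c 512 "$f" | grep -qiE '<!doctype html|<html'; then
        echo "$f: HTML document, not an app package; re-download it" >&2
        return 1
    fi

    echo "$f: not gzip data (first bytes: $magic)" >&2
    return 2
}

# Constructed sample inputs (not real Splunk files) for trying the check offline.
make_samples() {
    d=$1
    mkdir -p "$d/app/default"
    printf '[install]\nstate = enabled\n' > "$d/app/default/app.conf"
    tar -czf "$d/good.spl" -C "$d" app
    printf '<!DOCTYPE html>\n<html><body>Sign in</body></html>\n' > "$d/login.spl"
    printf 'plain text\n' > "$d/other.spl"
}
```

Run check_spl on the downloaded file and only proceed to the install command when it returns 0.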