We are attempting to upgrade Splunk Universal Forwarders using the UF Remote Upgrade Add-on.

As per Splunk documentation, we have installed the add-on, placed the required upgrade packages in the appropriate directories and pushed the app to the target clients via the Deployment Server. However, the upgrade is not taking place and we are seeing the following error in the log file located at /opt/splunk/var/log/splunk/upgrader_package_delivery.log:

Error log from  /opt/splunk/var/log/splunk/upgrader_package_delivery.log

2025-09-22-14:22:10 Conf file from UF updater does not exist at "/opt/splunk/var/run/splunk/splunkupdater/info". The UF updater is likely not installed or running.

2025-09-22-14:22:10 Cancelling package delivery and waiting for next interval.

2025-09-22-14:23:10 Checking if any forwarder packages are available

2025-09-22-14:23:10 Found files in /opt/splunk/etc/deployment_apps/splunk_app_uf_remote_upgrade_linux/bin/../local/packages. Will deliver them.

splunk_app_uf_remote_upgrade_linux/
├── bin
│   └── SPLUNK_UPDATER_INTERNAL_deliver_pkg.sh
├── default
│   ├── app.conf
│   ├── inputs.conf
│   ├── local_config
│   └── packages
│   ├── splunk-upgrader-linux-102.tgz
│   └── splunk-upgrader-linux-102.tgz.sig
├── local
│   ├── app.conf
│   ├── local_config.bkp
│   └── packages
│   ├── splunkforwarder-10.0.0-e8eb0c4654f8-linux-amd64.tgz
│   ├── splunkforwarder-10.0.0-e8eb0c4654f8-linux-amd64.tgz.sha512
│   └── splunkforwarder-10.0.0-e8eb0c4654f8-linux-amd64.tgz.sig
├── metadata
│   └── local.meta
└── VERSION

Note: Splunk enterprise is running with version 10.0.0 and UF is running with 9.4.2