Installation

While trying to configure a Phantom server on Splunk 7.0.0 it says "Update in progress" and will not progress

xs2vipin
New Member

When I added the details during Phantom Server Configuration on Splunk, it got stuck at "Update in progress..." and is not configuring it. Please find the screenshot attached with this question. Please help, as it is required on an urgent basis to forward Splunk logs to Phantom.

Phantom version: 3.0.251 and Splunk: 7.0.0
Thanks and Regards,
Vipin Bansal

0 Karma

euimok
Explorer

In addition to ussina04's answer, I solved this problem with the following step:

On the Phantom server, go to Administration > User Management > User > automation > Allowed IPs and configure the IP of the Splunk server where my Phantom app is installed.

0 Karma

ussina04
Explorer

OK, I have now gotten somewhere after following these steps:

Step 1: Download the Phantom app and install it via file or any method that suits you.
Step 2: Open the following in the Splunk interface:
Settings > Access controls > Roles > Admin > Capabilities
Step 3: Move phantom_read and phantom_write from Available capabilities to Selected capabilities.
Step 4: Go to SPLUNKHOME/etc/apps/phantom/local/phantom.conf
Step 5: Change the following parameter in the phantom.conf file (only if you are not using certificates for the communication between the servers):
[verify_certs]
value = true (change to false)
Step 6: Now go to the Phantom app and change the tab from "event forwarding" to "phantom server configuration", click on the + button, paste the authentication JSON string in the box, and click save.

But now I am getting the following error:
Failed to communicate with Phantom server "https://xyz". Error : invalid token from "IP"

This might be caused by the token having expired. Still troubleshooting; I will update the post soon.

tosinadubiaro
New Member

Hi, I have been able to configure the Phantom server.
However, the Event Forwarding buttons are inactive.

Can someone talk me through configuring forwarding from Splunk to Phantom?

0 Karma

orhiee
Engager

Different version of Splunk, but I had the same issue. There is a KB about it. The thing I found annoying was that there is no mention of the additional permissions in the docs (I did this in a dev environment, so I was a full admin). But Phantom support was fast to respond.

https://my.phantom.us/kb/66/

"With versions of Splunk previous to 6.5.3, the Phantom App on Splunk server config or searches hang with the message "updating".

To resolve the issue, add the required Phantom capabilities to the Admin and whichever Role is in use by the Phantom App.
• In the Splunk UI, navigate to Settings > Access Controls > Roles.
• Select the Role name.
• In the Capabilities field, verify "admin_all_objects", "phantom_read", "phantom_write", and "list_storage_passwords" are all applied.
• Save the configuration change.
"
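The two Splunk-side settings discussed in this thread (the four role capabilities from the KB and the `[verify_certs]` stanza in phantom.conf) can be checked offline with a short script. This is an added example, not part of any post above and not code from the Phantom app; it assumes the standard authorize.conf layout (`[role_<name>]` stanzas, `<capability> = enabled`, semicolon-separated `importRoles`), and the role names and sample file contents are constructed.

```python
import configparser

# Capabilities the KB quoted above says must be applied to the role.
REQUIRED = {"admin_all_objects", "phantom_read", "phantom_write",
            "list_storage_passwords"}

# Constructed sample inputs (hypothetical role names, not from the thread).
SAMPLE_AUTHORIZE = """
[role_phantom_base]
phantom_read = enabled
phantom_write = enabled

[role_soc_forwarder]
importRoles = phantom_base;user
list_storage_passwords = enabled
"""
SAMPLE_PHANTOM = "[verify_certs]\nvalue = false\n"

def _parse(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep key case so "importRoles" matches
    cp.read_string(text)
    return cp

def role_capabilities(cp, role, seen=None):
    """Capabilities enabled on a role, including those inherited via importRoles."""
    seen = set() if seen is None else seen
    stanza = "role_" + role
    if role in seen or not cp.has_section(stanza):
        return set()  # unknown role or import cycle: contributes nothing
    seen.add(role)
    caps = set()
    for key, value in cp.items(stanza):
        if key == "importRoles":
            for parent in filter(None, (p.strip() for p in value.split(";"))):
                caps |= role_capabilities(cp, parent, seen)
        elif value.strip().lower() == "enabled":
            caps.add(key)
    return caps

def audit(authorize_text, phantom_text, role):
    """Return (sorted missing capabilities, verify_certs as bool, or None if unset)."""
    missing = sorted(REQUIRED - role_capabilities(_parse(authorize_text), role))
    raw = _parse(phantom_text).get("verify_certs", "value", fallback=None)
    verify = None if raw is None else raw.strip().lower() in ("true", "1")
    return missing, verify

if __name__ == "__main__":
    print(audit(SAMPLE_AUTHORIZE, SAMPLE_PHANTOM, "soc_forwarder"))
```

A role that only inherits capabilities from a stanza defined in another app's authorize.conf will show them as missing here, because the script reads a single file rather than Splunk's merged configuration.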

ussina04
Explorer

Verified that, in the Capabilities field, "admin_all_objects", "phantom_read", "phantom_write", and "list_storage_passwords" are all applied, but it is still not working and is stuck on the same page: "Update in progress".

0 Karma

varad_joshi
Communicator

This was helpful. Thank you.

0 Karma

Richfez
SplunkTrust

If this was a reasonably correct answer, @varad_joshi, could you please click "Accept?" Thank you.

0 Karma