@livehybrid @kiran_panchavat PFA, this is so weird, i have seen few cases like this in the community with no solution. I tried multiple OS of Linux and older versions of forwarder, but its still the same.. Please find a solution as i tried a lot of versions here...

splunkforwarder-9.4.1-e3bdab203ac8-linux-amd64-manifest

older version 9.4.0 splunk forwarder - splunkforwarder-9.4.0-6b4ebe426ca6-linux-amd64-manifest

@kiran_panchavat @livehybrid Unfortunately , there seems to be no solution for this, i tried and followed the exact steps mentioned in the given below Splunk Doc, but i encounter the same error again and again. Do u know how to mitigate this scenarios or any further suggestions on why this is happening. I tried in few of the different settings of VMs where different platforms of linux were installed along with that i increased the capacity of the OS to ensure no issues on the other side. The issue seems to residing in unbundling of the downloaded packages.

I understand installation is being corrupted but the package is being downloaded from splunk site right?

it shows all files intact but unable to host forwarder in an instance

I am stuck here with no specific solutions...

FYI -Tried different linux OS/versions, tried downgrading the SF versions as well... increased capacity of OS

Hi @Gururaj1 

Just to check - apart from the errors you mentioned - Does Splunk install correctly? Those errors dont necessarily mean there is an issue - its likely that part of the debian preinst script which calls a "temp_splunk-preinstall" file - this is looking for those locations to do *something* - "find" is usually used to "find" something (file/folder) and then do something to it like update permissions or something. 

If the find returns no files the script looks to continue, finally finishing with "complete" - at this point I'd expect your install to be complete - Since you splunk validate command returned a success I thing these "errors" are benign. 

The existence of them is either a mistake in that script - OR - it could be for something we arent necessarily aware of.

Either way, If the files get installed then I'm confident this isnt an issue.

🌟 Did this answer help you? If so, please consider:

• Adding karma to show it was useful
• Marking it as the solution if it resolved your issue
• Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing

Hello @livehybrid , thank you for the update, 

I would have ignored this if I was able to access the splunk UF webpage. But the issue here the webpage timeout appears and I tested the exact scenario with splunk HF and Splunk Enterprise  9.4.1 and it works perfectly fine[No errors while installation]. Am i missing something here ?

However, thank you. If you find any resolution to this, please do let me know. As the issue is unknown, not sure how to tackle..

Hi @Gururaj1 

The UF does not have a web UI. 
Check /opt/splunkforwarder/var/log/splunk/splunkd.log to see if the server is running (it should update quite regularly)

🌟 Did this answer help you? If so, please consider:

• Adding karma to show it was useful
• Marking it as the solution if it resolved your issue
• Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing