This is applicable for version 7.2.2 later.
you should run below commands with sudo user
useradd splunk
tar splunkbinary.gz -C /opt
chown -R splunk:splunk /opt/splunkforwarder
/opt/splunkforwarderk/bin/splunk enable boot-start -systemd-managed 0 -user splunk --no-prompt --accept-license
sudo -u splunk /opt/splunkforwarderk/bin/splunk start
————————————
If this helps, give a like below.
