Thank you guys for valuable inputs, I installed it on Oracle Linux 9 without any problem.

Alma is not officially supported. It is "relatively close" to RHEL (although not fully 100% bug-for-bug compatible). It can be installed but it requires some tweaking of the install script (as far as I remember, it checks for supported distros so it will refuse to install unless you force it to). Still - it might be a way to run the community version in lab environment but it will not be supported so I wouldn't go prod with it.

Its also worth noting that, as you have highlighted, Alma Linux is not supported. Despite it being based on RHEL it *isnt* RHEL and therefore certain commands/libraries may be different or unavailable.

I have seen this error previously on Rocky Linux which I believe is also RHEL based but ultimately did not work for SOAR.

If possible please try the installation using RHEL9 and see if the issue goes away. You will be limited in terms of support from Splunk if not using a supported OS and any "fixes" to make the installation work may not persist and may cause other issues down the line.

🌟 Did this answer help you? If so, please consider:

• Adding karma to show it was useful

• Marking it as the solution if it resolved your issue

• Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing.

Hi @Michal_Slezak 

Were there any more detailed log in /opt/phantom/var/log/phantom/phantom_install_log which might give us more information about the platform variable referenced which it seems to be failing on?

🌟 Did this answer help you? If so, please consider:

• Adding karma to show it was useful

• Marking it as the solution if it resolved your issue

• Commenting if you need any clarification

Your feedback encourages the volunteers in this community to continue contributing.