splunkforwarder-monitor exit itself, and I got following message. I saw a similar issue reported for splunk version prior 6.1.3. But in my case, we are using version 8.1.3 [root@em21 splunkforwarder]# systemctl status splunkforwarder -l * splunkforwarder.service - Splunk Universal Forwarder Process Monitor Loaded: loaded (/etc/systemd/system/splunkforwarder.service; enabled; vendor preset: disabled) Active: inactive (dead) since Wed 2022-11-02 00:11:03 UTC; 1 weeks 4 days ago Process: 45771 ExecStop=/etc/splunk/splunkforwarder-monitor stop (code=exited, status=0/SUCCESS) Process: 38220 ExecStart=/etc/splunk/splunkforwarder-monitor start (code=exited, status=0/SUCCESS) Main PID: 38220 (code=exited, status=0/SUCCESS) Memory: 6.4M CGroup: /system.slice/splunkforwarder.service Nov 01 23:56:51 em21 splunkforwarder-monitor[38220]: Done Nov 01 23:56:51 em21 splunkforwarder-monitor[38220]: Checking default conf files for edits... Nov 01 23:56:51 em21 splunkforwarder-monitor[38220]: Validating installed files against hashes from '/opt/splunkforwarder/splunkforwarder-8.1.3-63079c59e632-linux-2.6-x86_64-manifest' Nov 01 23:56:52 em21 splunkforwarder-monitor[38220]: [ OK ] Nov 01 23:56:52 em21 splunkforwarder-monitor[38220]: All installed files intact. Nov 01 23:56:52 em21 splunkforwarder-monitor[38220]: Done Nov 01 23:56:52 em21 splunkforwarder-monitor[38220]: All preliminary checks passed. Nov 01 23:56:52 em21 splunkforwarder-monitor[38220]: Starting splunk server daemon (splunkd)... Nov 01 23:56:52 em21 splunkforwarder-monitor[38220]: Done Nov 02 00:11:03 em21 splunkforwarder-monitor[38220]: INFO: /opt/splunkforwarder/var/run/splunk/conf-mutator.pid is gone, which indicates that splunk existed successfully. Quiting splunkforwarder-monitor... [root@em21 splunkforwarder]#   [root@em21 splunkforwarder]# rpm -qa | grep splunk splunkforwarder-configure-3.7-48.noarch splunkforwarder-8.1.3-63079c59e632.x86_64 [root@em21 splunkforwarder]# ... View more