Installing universal splunkforwarder:

Run wget command from universal splunkforwarder

wget -O splunkforwarder-7.1.2-a0c72a66db66-linux-2.6-amd64.deb 'https://www.splunk.com/bin/splunk/DownloadActivityServlet?architecture=x86_64&platform=linux&version=7.1.2&product=universalforwarder&filename=splunkforwarder-7.1.2-a0c72a66db66-linux-2.6-amd64.deb&wget=true'
unzip package in /opt
dpkg -i splunkforwarder-7.1.2-a0c72a66db66-linux-2.6-intel.deb

Configuring Splunk receiver

Go to splunk in browser, on top right choose settings then forwarding and receiving
Under title receive data click add new
type TCP port 9997 in the empty field and click add
Go to settings then down to server control, click and then click on restart splunk so that the changes will take effect
You have configured the Splunk receiver so the server will listen on that port

add-splunkfowarder-receiver

Configuring splunkforwarder"

/opt/splunkforwarder/bin/splunk enable boot-start
/opt/splunkforwarder/bin/splunk add forward-server hostname.domain:9997
To test forwarder connection: /opt/splunkforwarder/bin/splunk list forward-server