It's a pity, but thank you for the answer.

Please note that recent version of the Raspberry PI Splunk UF is available from the regular universal forwarder download page, under the Linux tab. Look for the "ARMv6" architecture. The package is available as a *.tgz file.

(The announcement link above, links to the app on Splunk base (which is really an old 6.0 download). The latest version is supported by Splunk and available via the standard download channel.)

That download actually fails (neither the wget or the direct link work anymore) so the OP is correct - there's no more options for Raspberry Pi forwarding which is a shame as it is the No. 1 selling computer in the world!

Well, there is a ARMv6 version of the UF to download here https://www.splunk.com/en_us/download/universal-forwarder.html#tabs/linux and I was able to download splunkforwarder-7.2.0-8c86330ac18-Linux-arm.tgz from there.

Also I was able to download an older version using wget like this:

wget -O splunkforwarder-6.6.0-1c4f3bbe1aea-Linux-arm.tgz 'https://www.splunk.com/page/download_track?file=6.6.0/linux/splunkforwarder-6.6.0-1c4f3bbe1aea-Linux-arm.tgz&ac=&wget=true&name=wget&platform=Linux&architecture=ARM&version=6.6.0&product=universalforwarder&typed=release'

cheers, MuS

Ah indeed, you can download from the webpage, but the latest 7.2.x version fails to wget correctly.

Not ideal, but workable if you grab it from the webpage and SCP it to your RPi.

Thanks.