i dont know why splunk does not distribute clear instructions or tools to install and configure linux properly.
redhat 9.x does not have init.d so you need to set boot-start with managed =1, but the service even if installed needs also systemctl ENABLE SplunkForwarder.service.
In redhat 8 this is not the case.
the latest forwarder 9.1.1 also wont setup properly if you don't use user-seed.conf
I came out with this which does it job somehow, would be nice if someone would add his ideas to make it better.
(im running splunk as root for testing perpouses)
#!/bin/bash
SPLUNK_FILE="splunkforwarder-9.1.1-64e843ea36b1.x86_64.rpm"
rpm -ivh splunkforwarder-9.1.1-64e843ea36b1.x86_64.rpm
##change permission to root
chown -R root:root /opt/splunkforwarder
##create user-seed.conf file that Splunk accepts to set admin credentials without user interaction
sudo touch /opt/splunkforwarder/etc/system/local/user-seed.conf
##pass Splunk admin credentials into file
sudo cat <<EOF > /opt/splunkforwarder/etc/system/local/user-seed.conf
[user_info]
USERNAME = admin
PASSWORD = changeme
EOF
##configure splunk
/opt/splunkforwarder/bin/splunk set deploy-poll 192.168.68.129:8089 --accept-license --answer-yes --auto-ports --no-prompt
/opt/splunkforwarder/bin/splunk enable boot-start -systemd-managed 0
/opt/splunkforwarder/bin/splunk start --no-prompt --answer-yes
##configure splunk Redhat 9.x
#/opt/splunkforwarder/bin/splunk set deploy-poll 192.168.68.129:8089 --accept-license --answer-yes --auto-ports --no-prompt
#/opt/splunkforwarder/bin/splunk enable boot-start -systemd-managed 1
#systemctl enable SplunkForwarder.service
#systemctl start SplunkForwarder.service