grab
https://www.splunk.com/en_us/download/universal-forwarder.html

to install on the linux client
https://docs.splunk.com/Documentation/Forwarder/9.2.1/Forwarder/Installanixuniversalforwarder

to send data to the search head
https://docs.splunk.com/Documentation/Forwarder/9.2.2/Forwarder/Configuretheuniversalforwarder

put inputs.conf in the "C:\Program Files\SplunkUniversalForwarder\etc\apps*\local\inputs.conf"
restart splunk service