The initial splunk version we had was 4.0.x, we recently upgraded to 4.1.3 , since then our nagios alerts for splunk have started showing up, we use LDAP in our splunk base,
the hardcoded command used in nrpe.cfg for nagios is
./check_splunk search -u 'username' -p passwd -c 2 -w 1 'sourcetype="CFApplicationLog" startminutesago=5 | regex _raw=Application Initialized'
We are now receiving 'Unable to search splunk' alert for this
is check_splunk plugin for nagios still valid for this version of splunk