ulimit settings can be configured and overridden in many places and by multiple processes.
Depending on if you are running under init.d or systemd, if you are setting ulimits via /etc/security/limits.conf vs /etc/security/limits.d/*.conf, setting directly in systemd unit file, and so on...
The ONLY source of 100% truth on what limits are currently applied to a running process is the kernel itself.
If those values do not match what you expect, then you will need to work backwards to determine where they are being set/modified.
Example method to query the kernel for the limits being applied:
First, find the PID of your Splunk process (your output will vary, and I've removed some lines from this example);
# ps -ef |grep -i splunk
root 34078 1 4 Jun18 ? 15:42:22 splunkd -p 8089 restart
root 34081 34078 0 Jun18 ? 00:06:55 [splunkd pid=34078] splunkd -p 8089 restart [process-runner]
root 70375 68047 0 13:19 pts/0 00:00:00 grep --color=auto -i splunk
In this example, 34081 is the PID of my running Splunk process.
Now, use that PID in order to find the limits that are currently applied to that process:
# cat /proc/34081/limits
Limit Soft Limit Hard Limit Units
Max cpu time unlimited unlimited seconds
Max file size unlimited unlimited bytes
Max data size unlimited unlimited bytes
Max stack size 8388608 unlimited bytes
Max core file size unlimited unlimited bytes
Max resident set unlimited unlimited bytes
Max processes 128616 128616 processes
Max open files 65536 65536 files
Max locked memory 65536 65536 bytes
Max address space unlimited unlimited bytes
Max file locks unlimited unlimited locks
Max pending signals 128616 128616 signals
Max msgqueue size 819200 819200 bytes
Max nice priority 0 0
Max realtime priority 0 0
Max realtime timeout unlimited unlimited us
Compare these values to what you are expecting to see based on configuration files.
... View more