No it is not. Splunk will only call external processes in response to user actions in:
A custom search command. These run under the Splunk python interpreter, not bash, and do not allow arbitrary specification of environment variables.
A scripted lookup. This operates the same as a custom search command, with the addition that it may run Perl as well as python
An alert action. This may be a shell script, but it must be specified by path and must reside in a specific location (not an arbitrary command or command line), and the user can not specify environment variable to pass to it.
A scripted or modular input. These may be shell scripts, they must be specified by path and must reside in a specific location (not an arbitrary command or command line), and the users can not specify environment variables to pass to them.
In all cases, the external program must be placed in specific locations on the system by an administrator. By default, there are no scripts or programs that invoke bash in current or recent versions of Splunk. The administrator can of course create vulnerabilities by placing and allowing access to dangerous programs. But the shellshock bash vulnerability can not be invoked.
... View more