Thanks for all your responses. It's really more of a linux issue than a Splunk issue. No amount of command line switches would solve it. RHEL 6 and later moved to V4 RSA for signing rpms. RHEL 5 is back on V3 (in addition to being obsolete and unsupported, of course). While I think it's possible to compile an rpm on a current Red Hat that would allow a RHEL 5 server to use it, there are obvious reasons that Splunk would not choose to do so. I know I wouldn't. Since Splunk provides a tarball for kernel 2.6, that's my obvious next route. It complicates my workflow a bit, but what's life without challenges? Thanks!
... View more