Have you tried the fix suggested here?  https://community.spiceworks.com/topic/2222892-search-adminauditlog-need-to-enable-tls-1-0-to-work-correctly ... View more

This is how (I think) I fixed this error: Change this line in rlog.sh from: if [ -n " service auditd status " -a "$?" -eq 0 ] ; then To: if [ -n " service auditd status 2> /dev/null " -a "$?" -eq 0 ] ; then Why this works? Because on rhel7 the redirecting to systemctl comment is sent to stderr which splunk interprets as an error it should log under the ExecProcessor in splunkd.log ... View more

Hi, I'm seeing the same issues on some rhel5 boxes that have iptables enabled. Did you ever find a solution to this? The bandaids I've seen suggested elsewhere are to increase net.ipv4.netfilter.ip_conntrack_max. ... View more

xfs is the default filesystem in RHEL 7, not btrfs so splunk will work fine on it ... View more

Have you had a look at my app (apologies for the shameless self promotion): http://splunk-base.splunk.com/apps/88316/dnslookup It doesn't quite do what you're asking but it is close. ... View more

On fedora 18 I've hit this problem as well, my workaround (that doesn't work see additional comment below) might be helpful to some people. I just replace the locktest (/opt/splunk/bin/locktest) with a bash script which does an 'exit 0'. Edit: Ok, this worked for a little while and then resulted in the indexer blocking and lots of weird things happening. ... View more