I am hoping that Splunk will send out a global communication (email) about this issue and include a set of versions that are affected and a timeline when they will be patched/updated.

that was it, thank you.....indeed we are affected

[xxxxxxxxxxxx /]$ cd /splunk/bin/
[xxxxxxxxxx bin]$ pwd
/splunk/bin
[xxxxxxxxxx bin]$ ./splunk cmd openssl version
OpenSSL 1.0.1e-fips 11 Feb 2013

if this is a default *uix setup try:

/opt/splunk/bin/splunk cmd openssl version

is there another command to run I've tried below with different variation but it never returns any ouput?

$SPLUNK_HOME/bin/splunk cmd openssl version

/]$ $SPLUNK_HOME/bin/splunk cmd openssl version
-bash: /bin/splunk: No such file or directory

Is there another way to run this command?

did you run this like $SPLUNK_HOME/bin/splunk cmd openssl version? Otherwise you will probably get a response from your servers openSSL installation not the one from Splunk .....

According to heartbleed.com:

What versions of the OpenSSL are affected?

Status of different versions:

OpenSSL 1.0.1 through 1.0.1f (inclusive) are vulnerable
OpenSSL 1.0.1g is NOT vulnerable
OpenSSL 1.0.0 branch is NOT vulnerable
OpenSSL 0.9.8 branch is NOT vulnerable
Bug was introduced to OpenSSL in December 2011 and has been out in the wild since OpenSSL release 1.0.1 on 14th of March 2012. OpenSSL 1.0.1g released on 7th of April 2014 fixes the bug.

Our production search head is running Splunk 6.0. When I look at the command line:

bin]$ openssl version
OpenSSL 1.0.0-fips 29 Mar 2010

Does this mean we are not affected by this?