in audit.rules add
-a exit,never -F path=/opt/splunkforwarder/bin/splunkd -k splunk_exclude
and auditd should no longer log every splunk action as root.
in audit.rules add
-a exit,never -F path=/opt/splunkforwarder/bin/splunkd -k splunk_exclude
and auditd should no longer log every splunk action as root.