The splunk service user seems to be reading the Active Directory's "Deleted Object Container" as frequent as 60 times per second.
Every time this container is accessed, it generates Windows Security audit logs; thus increasing the volume and frequency of Windows Security logs that the Universal Forwarder has to forward for indexing. We suspect this is the cause of the issue to spiral. Also, because of the increased log volume, the Security logs now rolls every 5 hours, instead of a few also we see high resource utaliation due to