So at this point it looks like there are a couple different solutions to this -- Your (JSapienza) solution regarding count and seek, and the original issue/solution submitted by gdiazlo. I wonder if we can get some input from splunk as to their thoughts on this; the *nix app is their app after all. I'd be interested to hear their take... Perhaps I'll ask them as I believe I have access to support 🙂 Thanks for the information and quick response! ... View more

I have also noticed high CPU usage on my universal forwarders that is coming from rlog.sh. Has there been an official fix/patch for this? Right now our splunk is running in a dev/testing environment/configuration, so I was probably going to just temporarily disable the rlog.sh script until we can work this out. So any ideas/suggestions/fixes/confirmations of fixes would be great! thx ... View more