The above by quixand worked for me as well on Redhat/CentOS. We also added the -d and -R flag to the setfacl command to set the defaults for the directory and make the change recursive.
sudo setfacl -Rdm g:splunk:rx /var/log/
The results of getfacl then include:
default:group:splunk:r-x
,
... View more