I am trying splunk with auditctl 1.5.2 on CentOS 5 and cannot figure out how to get splunk to display the audit logs in ausearch -i mode (converting the encoded date/time stamp to human-readable). Thanks for any insights. Scott