I have gone through and started working on this problem personally.
Best bet is to implement the TA-Bro, Snort and Suricata apps if all you need is splunk event ingest. Splunk 6.6 provides the ability now to build drilldown dashboards without XML markup much like the security Onion Dashboards are built.
In lieu of waiting for the author to make the necessary changes, you could modify the props.conf, transforms.conf and inputs.conf to suit your particular instance of security onion.
Make sure that the fields referenced in the transforms.conf match your BroIDS version. THose fields have a habit of changing per build of BroIDS.
Also if you want to get snort alerts you may forward the alerts to local syslog facility and bring them into Splunk that way.
This is only a temporary fix in the event the author does not update for a while.
Please feel free to contact me and I can provide the transforms I am using with a Security Onion 14.04.5.2 build.