Splunk has given a plugin to integrate splunk events with SCOM 2012 and same viewable via a special Splunk dashboard. It works perfectly fine and I like it.
Now my querie is,
I believe the word Active alerts in SCOM gives me all active alerts including the 3rd party integrated components, then it should apply to Splunk as well.
Please help me.
Settings » Forwarding and receiving » Forward data » Add new
Add SCOM host & you will see events from Splunk into SCOM.