I would like to monitor database activities (create, update, etc.) through Splunk. I thought there would be a way to monitor the transaction logs directly but I'm not sure if it is possible.
Can you clarify your question? What kind of transaction data are you trying to capture? What are you trying to get Splunk to do with this data?
Well, it's a little complicated, but I think first we need to address what you're trying to do.
Splunk will not read Oracle transaction logs (i.e., the database redo logs). You can consume the alert log, or turn on Oracle tracing to generate text files that can be consumed by Splunk. But I'm pretty sure that's not what you're asking.
I'm pretty sure that you actually want to record database record create/update/deletes. Splunk can't read this from the redo logs, as it's a proprietary binary format, and not very transparent anyway. If you really want to do this, you need to use something like Oracle Streams or Oracle LogMiner to read it, pick out the things you want, and write them into a text log file suitable for Splunk consumption. This isn't entirely trivial.
Most people will instead use a Splunk scripted input that polls just the actual database tables that you are interested in seeing and writes to a text file. This might not work for you. If that is so, database triggers might work better.
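The polling and trigger options from the answer above, combined into one runnable sketch; this is an added example, not code from the thread. Triggers record each insert, update and delete in an audit table, and a checkpointed poller emits one key=value line per change. SQLite stands in for Oracle so it runs offline, and the `accounts` and `change_audit` tables, the trigger names and `poll_changes` are hypothetical.

```python
import sqlite3

# Constructed schema (assumption): SQLite stands in for Oracle; names are hypothetical.
SCHEMA = """
CREATE TABLE accounts (id INTEGER PRIMARY KEY, owner TEXT, balance INTEGER);
CREATE TABLE change_audit (
    audit_id INTEGER PRIMARY KEY AUTOINCREMENT,
    changed_at TEXT DEFAULT CURRENT_TIMESTAMP,
    action TEXT, table_name TEXT, row_key TEXT);
CREATE TRIGGER acc_ins AFTER INSERT ON accounts BEGIN
    INSERT INTO change_audit(action, table_name, row_key)
    VALUES ('INSERT', 'accounts', NEW.id); END;
CREATE TRIGGER acc_upd AFTER UPDATE ON accounts BEGIN
    INSERT INTO change_audit(action, table_name, row_key)
    VALUES ('UPDATE', 'accounts', NEW.id); END;
CREATE TRIGGER acc_del AFTER DELETE ON accounts BEGIN
    INSERT INTO change_audit(action, table_name, row_key)
    VALUES ('DELETE', 'accounts', OLD.id); END;
"""

def poll_changes(conn, checkpoint):
    """Return (event_lines, new_checkpoint) for audit rows newer than checkpoint."""
    rows = conn.execute(
        "SELECT audit_id, changed_at, action, table_name, row_key "
        "FROM change_audit WHERE audit_id > ? ORDER BY audit_id",
        (checkpoint,)).fetchall()
    lines = []
    for audit_id, ts, action, table, key in rows:
        # Quote the value and escape quotes/newlines so a row key cannot
        # add extra key=value pairs or split the event in two.
        safe = (str(key).replace("\\", "\\\\").replace('"', '\\"')
                .replace("\n", "\\n"))
        lines.append(f'{ts} audit_id={audit_id} action={action} '
                     f'table={table} row_key="{safe}"')
        checkpoint = audit_id  # a real input would persist this between runs
    return lines, checkpoint

def demo():
    conn = sqlite3.connect(":memory:")
    conn.executescript(SCHEMA)
    conn.execute("INSERT INTO accounts VALUES (1, 'alice', 100)")
    conn.execute("UPDATE accounts SET balance = 50 WHERE id = 1")
    first, cp = poll_changes(conn, 0)       # first poll: insert + update
    conn.execute("DELETE FROM accounts WHERE id = 1")
    second, cp = poll_changes(conn, cp)     # second poll: only the delete
    return first, second, cp

if __name__ == "__main__":
    first, second, _ = demo()
    for line in first + second:
        print(line)  # a scripted input's stdout is what Splunk indexes
```
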
Thanks for the reply. I've a better understanding now. Let's see if I find a way to write the logs in a Splunk-readable format.
I believe that the default location for the transaction log files is the same directory as where the datafiles sit.
Of course, this may have been changed by the DBA when the database was initially configured.