I know, this sounds backwards. However, this is a requirement for a migration process from a syslog-ng/custom java report builder based system to Splunk. The first step is forwarding the logs to their current report builder using Splunk if possible, the following step will be to replicate their reports in Splunk itself.
Basically I have lightforwarders consuming the application logs already, and would like to use these to forward the data to their reporting server to, hopefully a heavy forwarder, to write log files to the filesystem in raw standard syslog format. Their reports should be able to read these as if nothing has changed.