What is the recommended method of forwarding all Splunk inputs to an external syslog server listening on UDP/514?
Our setup in question is a Full Splunk 6.0 implementation and has multiple data inputs listening on multiple ports (514-520) logging data into multiple Source Types and Indexes.
I am looking for the recommended configuration within Splunk to forward all that data (no filtering required) to an external syslog server (SIEMC).
Check out this Answers topic: Output syslog to external
Here is the relevant section of the documentation: Forward data to third party systems -- Syslog data
If no filtering is required, you can just edit outputs.conf:
Edit outputs.conf to specify receiving host/IP and port
[syslog:<target_group>]
# type = tcp   (optional; the default is udp)
server = 192.168.0.1:514