so, i would suggest you to have a test box with AIX with IBM VIOS and install UF thru .tar format and try to send out security logs. it should be fine, it may give some issues, but it should not trouble you much.
if these things didnt work out, then, syslog is your friend(ours as well)
as VIOS is special kind of appliance type of AIX instance I also suppose @tscroggins way to use syslog as a standard way to get those event's out of it. To installing anything other than IBM have approved to this instance probably broken it later (e.g. in update) and then you need to rebuild it and hope that this haven't generated too much issues to real AIX instances on those boxes.
In past environments, I did not install the UF on VIOS partitions; however, your IBM and Splunk sales engineers may have suggestions. I had the convenience of the Tivoli suite for infrastructure monitoring. You may need to engage IBM support to configure syslog forwarding in a "supported" manner. As an IBM customer, I'm sure you're familiar with the machinations necessary to keep Big Blue happy. 😉