I have an appliance that can only forward syslog via UDP. Is there a way for me to forward the udp syslog to a machine that has a Heavy Forwarder, or UF on it and have the forwarder relay the Syslog via TLS to the server running my Splunk Enterprise Instance?
Two things.
1. A Heavy Forwarder is a Splunk Enterprise instance. It's just doing forwarding.
2. If you can receive your UDP traffic at the forwarder why send it to another Splunk instance with syslog instead of native Splunk protocol?
Perhaps this answer will help: https://community.splunk.com/t5/Splunk-Enterprise/Having-Syslog-logs-into-SPLUNK/m-p/693546/highligh...