Can Splunk receive rsyslog excrypted messages via TCP or should I use a LWF with SSL turned on?
Syslog is typically not encrypted. The only way to securely transmit syslog messages is to send them through an encrypted tunnel (eg. stunnel). You'd need to install stunnel on both the sending and receiving system. You can google for how-tos on how to do that.
Setting up a Splunk forwarder with SSL is probably much easier and less effort.