Is the data that is sent from a Splunk Universal Forwarder to the heavy forwarder syslog messages? If so, how do I find out which format it is using (i.e., syslog-ng)?
Data communication between Splunk instances is called S2S (Splunk to Splunk) and is proprietary TCP communication. It is not syslog.
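One way to confirm this on the forwarder itself, as an added example that is not part of the original answer: read its `outputs.conf` and classify each output group by stanza type, where `[tcpout:...]` groups speak S2S unless `sendCookedData = false` and `[syslog:...]` groups emit syslog. The sample configuration, the host and group names, and the `classify_outputs` helper are constructed for illustration.

```python
import configparser

# Constructed sample outputs.conf; group and host names are placeholders.
SAMPLE_OUTPUTS_CONF = """
[tcpout]
defaultGroup = heavy_fwd

[tcpout:heavy_fwd]
server = hf1.example.internal:9997

[tcpout:raw_feed]
server = collector.example.internal:5140
sendCookedData = false

[syslog:siem]
server = siem.example.internal:514
type = udp
"""

def classify_outputs(conf_text):
    """Map each output group stanza in outputs.conf text to its wire format."""
    parser = configparser.ConfigParser(interpolation=None, strict=False)
    parser.optionxform = str  # keep Splunk's case-sensitive setting names
    parser.read_string(conf_text)
    # A group inherits sendCookedData from the global [tcpout] stanza.
    global_cooked = parser.get("tcpout", "sendCookedData", fallback="true")
    formats = {}
    for stanza in parser.sections():
        if stanza.startswith("tcpout:"):
            cooked = parser.get(stanza, "sendCookedData", fallback=global_cooked)
            # Simplification: only "false" and "0" are treated as false here.
            is_raw = cooked.strip().lower() in ("false", "0")
            formats[stanza] = "raw TCP" if is_raw else "S2S"
        elif stanza.startswith("syslog:"):
            # outputs.conf defaults syslog output to UDP when type is unset.
            transport = parser.get(stanza, "type", fallback="udp").strip().lower()
            formats[stanza] = "syslog/" + transport
    return formats

if __name__ == "__main__":
    for stanza, wire_format in classify_outputs(SAMPLE_OUTPUTS_CONF).items():
        print(f"{stanza:20} {wire_format}")
```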