As far as I know, there is no definative list. However referencing the Docs, providing there is a technology add-on for it, then it will be supported by the ES App (ref: http://docs.splunk.com/Documentation/ES/latest/Install/GetdataintoES), but this does not mean, these are your only options... This describes how to add your own custom security events.
You should probably contact Splunk directly for more assistance with your requirements. Splunk is flexible in what it can do, so they will be able to advise you appropriately. It also requires a more unique set-up (rather than your standard use-case).
Sorry to give such a floppy answer, but it depends on what you want ES to do. You'll want to pull in at least one type of data for each of the domains that you want to cover. For instance, typically customers will have *nix and Windows data for the Access Protection domain at first, and then expand to database logins, and then expand to custom apps, badge readers, and who knows what else.
ES has domain coverage of the type I just discussed for account management, several endpoint and network technologies, and broader concepts like auditing and threat. To get more specific, I'd recommend checking out the docs.