Splunk can forward any RFC 3164 compliant events from any platform to a TCP/UDP based server and port, making the payload of any non-compliant data RFC 3164 compliant. You can specify any of the following:
TCP priority (combination of facility and severity)
Ability to specify regex and forward only the data that matches regex via props/transforms
Filter what is sent by source type, or other meta data, again via props/transforms.
Mandatory truncating of data to 1024 (to comply with RFC 3164)
For more info, see:
... View more