You can download a nice KB article from within your Sourcefire account that explains exactly how to do this almost step by step. The name of it is "eStreamer Integration Guide". You'll find that you need to install several Perl modules on your Splunk server before eStreamer will work.