Hi,
You have to edit the config file of your rsyslog: /etc/rsyslog.conf
I guess you already have a basic configuration.
the less you can do is:
if ($fromhost-ip == 'IP.TO.FORWARD') then @IP.SPLUNK:1514
Do not use the port 514 of course.
Now you should receive your logs on your Splunk port UDP 1514.
You have the possibility to use TCP as well.
... View more