I don't see a reason why "Splunk team" cannot implement such a "performant, reliable and flexible" syslog entry point internally so that we don't need that extra stuff in front of it. It's the strength of Splunk to be so performant, so why not make a good UDP / syslog compatible entry point for it?
The syslog client implementations can also cache and buffer stuff in case of small network disruptions already.
Papertrail for example can also handle syslog events directly without any problem.