Depending on what information / insights you're looking for, there might be certain info needed from forwarders, in order to put the right data in the right indexes to make the Apps work as designed.
SplunkForwarder can collect metrics / stats from Windows, Linux, etc. that are often not easily attainable via syslog (see About forwarding and receiving).
How many syslog sources are you sending through your rsyslog, and what OS are they?
If you aren't sure how to track any possible trends related to where the malformed log entries are coming from, then setting up Deployment and installing forwarders instead of syslog could definitely help you clean up your data (format errors), as well as provide additional data to bring the apps to life.