Although syslog-ng OSE currently does not have any built-in integration with Splunk, the existing message-formatting features and flexibility of syslog-ng OSE allows you to forward your log messages to Splunk. In syslog-ng OSE version 3.8 or later, you can use the http() destination. In earlier versions, you can use the program() destination.

For details on forwarding log messages to Splunk with syslog-ng OSE see the following posts on the Splunk blog:

• syslog-ng and HEC: Scalable Aggregated Data Collection in Splunk

• Using Syslog-ng with Splunk

Note that the syslog-ng Premium Edition application has a dedicated Splunk destination. For details, see splunk-hec: Sending messages to Splunk HTTP Event Collector.