Triton integrates with 3rd party SIEM by configuring it to send a syslog feed (TPC or UDP) as key-value pairs to splunk.
Would you rather stream to a syslog server and have splunk tail the resulting file? (better i guess?)
The recommended approach is to scrape the Websense MSSQL database, specifically the log tables, using a scripted input that outputs the contents of these tables to an appended log file that Splunk indexes.