http://docs.splunk.com/Documentation/Splunk/latest/Data/Configureyourinputs
I think you may need to sit down and read through alot of the documentation to become completely familiar with the product. Have you seen the videos on the Splunk site? they sometimes hold free webinars of basic training.
In the meantime, I would suggest that running TCPDUMP as a scripted input would be a better solution.
okay i see. I go check them out.