I did some searching and can't find an answer, although I suspect there is a simple answer...
I have a network segment that I need to forward logs out of. We have Windows, Cisco and Linux equipment in this segment. I wanted to send all these logs to a Universal forwarder, then from there have that universal forwarder send it to the indexer. This was we only have one hole in the firewall.
I am unsure of how to setup this one universal forwarder. How can I configure it to take input from all three different kind of systems and forward on to indexer along with it's own logs?
You should use a heavy forwarder rather than a universal forwarder. A heavy forwarder is a full Splunk instance and can be setup through the user interface
https://docs.splunk.com/Documentation/SplunkCloud/6.6.3/Forwarding/Deployaheavyforwarder