How can Splunk pull events and classification data from Websense Triton? It appears that the data is stored in a SQL database, but I don't see mention of an export tool, API, or other method to grab the data other than reverse-engineering their schema.
Try this custom logging config in WSG:
%\" fw=% pri=6 proto=% duration=% sent=% rcvd=% src=% dst=% dstname=% user=% op=% arg=\"%\" result=% ref=\"%<{Referer}cqh>\" agent=\"%<{user-agent}cqh>\" cache=%"/>
How would you go about "bouncing" the logs to Splunk?
Try a custom log configuration on your WSG to produce text log files. Then use syslog-ng v3 or a Snare agent to bounce the logs to Splunk (or a central logging host).
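A syslog-ng v3 configuration for the forwarding step suggested above, as an added example that is not part of the original thread. The log file path, the Splunk host name and the TCP port are placeholders, and Splunk is assumed to have a TCP data input listening on that port.

```conf
# syslog-ng v3 fragment: tail the WSG custom text log and relay it to Splunk.
# All paths, host names and ports below are placeholders (assumptions).

source s_wsg_custom {
    # Tail the custom log file written by WSG.
    # flags(no-parse) keeps each line intact instead of trying to
    # interpret it as a syslog message, so the key=value pairs
    # (src=, dst=, user=, ...) reach Splunk unchanged.
    file("/PATH/TO/WSG/custom.log"
         follow-freq(1)
         flags(no-parse));
};

destination d_splunk {
    # Plain TCP to the Splunk indexer or forwarder (placeholder host and port).
    # These records carry user names and requested URLs, so keep this
    # hop on a trusted network segment or use a TLS-protected transport.
    tcp("splunk.example.internal" port(5514));
};

log {
    source(s_wsg_custom);
    destination(d_splunk);
};
```

Because the custom format is already key=value text, Splunk's automatic field extraction can pick up the fields once the events arrive.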
You could use a database trigger to dump rows to a file on insert or some other condition, but I don't think you will be able to even do that without understanding the schema.