A heavy forwarder can filter logs, but what I think you want is to forward the logs, in their entirety, to the indexer, using a universal forwarder. The indexer component of Splunk then stores and indexes the logs so they can be parsed, searched, have alerts generated from them, etc., from the search head (note that the search head could be the same physical device as the indexer in a small environment).
Splunk provides awesome documentation that can get you started (I use it frequently myself 😉):
http://docs.splunk.com/Documentation/Splunk/latest/Tutorial/WelcometotheSplunkTutorial