You have mentioned syslog-ng for "Windows", which is part of the syslog-ng commercial offering (syslog-ng PE).
With syslog-ng PE there are two options for collecting Windows logs:
- the Agent for Windows can gather logs locally, then forward them to a remote syslog-ng server
- syslog-ng PE is capable of collecting Windows events remotely, utilising the Windows Event Collector framework.
With both solutions you can feed Splunk directly with syslog-ng, without needing any UF on the syslog side. You can use the HTTP destination to feed Splunk. Even more, a dedicated Splunk destination will arrive in syslog-ng this year, supporting log batching and load balancing.
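As an added illustration of the "HTTP destination to feed Splunk" point above (this is an example written for this page, not configuration from the poster or from the syslog-ng project), the snippet below shows a syslog-ng `http()` destination posting to Splunk's HTTP Event Collector (HEC) event endpoint. The hostname, CA file path, HEC token, and index name are placeholders you must replace; the batching options are assumed to be available in the syslog-ng release you run (they were added to the `http()` destination in later 3.x versions).

```conf
# syslog-ng -> Splunk HEC, example config (not from the original post).
# Assumes: Splunk HEC listening on splunk.example.com:8088 with TLS,
#          a HEC token stored here (protect this file: it is a credential),
#          and a CA bundle that can validate the HEC certificate.

@version: 3.30

source s_net {
    # Collect from the Windows agent / WEC forwarder over TLS-protected syslog
    syslog(
        ip("0.0.0.0") port(6514) transport("tls")
        tls(
            key-file("/etc/syslog-ng/tls/server.key")
            cert-file("/etc/syslog-ng/tls/server.crt")
            ca-dir("/etc/syslog-ng/tls/ca.d")
            peer-verify(required-trusted)   # clients must present a trusted cert
        )
    );
};

destination d_splunk_hec {
    http(
        url("https://splunk.example.com:8088/services/collector/event")
        method("POST")
        # HEC authenticates with a bearer-style token; keep this out of version control
        headers("Authorization: Splunk 00000000-0000-0000-0000-000000000000")
        user-agent("syslog-ng")

        # Build the HEC JSON envelope with format-json so ${MESSAGE} is
        # properly JSON-escaped (a hand-written '{"event":"${MESSAGE}"}'
        # breaks, or can be spoofed, on quotes and newlines in the payload).
        body('$(format-json
                  --pair time=int64("${S_UNIXTIME}")
                  --pair host="${HOST}"
                  --pair source="${PROGRAM}"
                  --pair sourcetype="syslog"
                  --pair index="main"
                  --pair event="${MESSAGE}")')

        # Batching: several JSON objects per POST, newline-separated, which
        # HEC accepts in one request. Tune for volume; flush on timeout so
        # low-rate sources are not delayed.
        batch-lines(100)
        batch-timeout(2000)
        workers(4)

        # Verify the Splunk server certificate; never ship logs with
        # peer-verify(no) outside a lab.
        tls(
            ca-file("/etc/syslog-ng/tls/splunk-ca.pem")
            peer-verify(yes)
        )
    );
};

log {
    source(s_net);
    destination(d_splunk_hec);
};
```

Two practical checks before relying on this: confirm the token with `curl -k https://splunk.example.com:8088/services/collector/health` style probes (HEC answers on the health endpoint without a token), and watch the syslog-ng `http` destination stats for HTTP 4xx responses, which usually mean a bad token, a disabled token, or an index the token is not allowed to write to.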