Did you get any further on this?
Why not just write your own log reader to send the data to Splunk?
Our OOTB logreaders are meant to send TO APM, but not out to a third party.
Every programming language today has some sort of method to read logs.
The EM logs are in standard log4j format so it's easily read.
I converted this to a question to get more response. Is any further assistance needed after the responses provided or may we mark this thread as answered?
Marking as answered since a "how-to" response was given and there were no follow-up questions