Thank you both for your assistance. I spent the last week working primarily with every relevant lab device that I have. That includes the firewall, router, switches, ESXi hosts, AWMS, CPPM, ALE, and some additional management systems. I have forwarded them all to the Splunk server which also contains the syslog server. In this environment there is no major need to separate the two (Syslog and Splunk). At this time, I am just trying to see what informatin I get and determine if there is some correlation. From the correlation I want to start generating charts and reports. Currently, the goal is simple. My ultimate goal is to present something to management that the value of using Splunk for all productions devices that we manage - not just some. I need to correlate the logs from the controller, switch, router, firewall, DSLAM (if possible), VPN concentrator, AWMS, CPPM, ALE, etc. that produces viable information regarding a user, device, or site. I will keep digging and see where I can be creative.