I set up eStreamer to forward logs to our Splunk instance; however, I am not receiving anything! "Intrusion Event Packet Data" is also checked. We have had several IPS events fire since this configuration has been in place, but NOTHING was forwarded to Splunk.
I did a search for rec_type_simple=PACKET and did not see anything :( Could you please help me?