We are currently deploying Splunk Connect for Syslog (SC4S) and need expert assistance to resolve data ingestion issues and ensure correct parsing and mapping of incoming syslog messages (including Cisco logs, test logs, and fallback events). Current Environment: SC4S running in Docker on Ubuntu Splunk HEC is configured and accepting test events via curl Custom logger tests are reaching SC4S but resulting in fallback handling or 400 status codes from HEC Logs are not showing under expected sourcetypes like cisco:ios Goals: Ensure test and real device syslogs are parsed correctly and mapped to the correct sourcetypes Eliminate fallback routing and 400 errors Validate data is ingested into Splunk as expected (e.g., cisco:ios, cef, etc.) Help create clean override configs if needed Deliverables: Working SC4S setup routing and parsing logs correctly At least one test log type (e.g., CEF or Cisco) confirmed working end-to-end Brief documentation of steps or changes applied Preferred Skills: Experience with SC4S Splunk HEC and sourcetype mapping knowledge Syslog formats and logger simulation familiarity Docker and Linux experience Timeline: ASAP — Immediate availability preferred