Duygu,
I am going to try and simplify this a bit. You are trying to take logs from Splunk data collection and feed them to the DLP system to then take action against the feed (block, etc.)?
This may be possible, but it would require a ton of work to be able to feed the information to the DLP system. The DLP system will require the feed to be in a specific protocol or format; it will not just take a direct log feed. Though you could dump files into a folder for inspection. If the inspection matches some DLP policies looking for keywords etc., it will then create an event.
If so, the only really useful action is going to be to create an event, and then the DLP system can send emails or run a script (Flex Response) after the fact. So it will not be real time.
This is an odd way of doing things, for you should be able to deploy the DLP agent with its own set of policies based on Content/Context/Destination and then have the DLP agent create the event and do some real-time blocking, then send an SNMP alert to Splunk with the event information.
Good Luck
Ronak
PLEASE MARK SOLVED WHEN POSSIBLE