The APs themselves need to send syslog to the Splunk server. HiveManager cannot forward the syslogs.
I am doing this now but on a trial basis by going into the CLI and adding another line in the conf like below.
logging server 10.X.X.X level notification
The issue I see is when looking in Splunk is the events that are notification and worse show up but in the event it does not indicate which line is notification, warning, error, ect... Does the logging not send the severity with the log?