Splunk Application or "Best Practices" document

Looking to figure out best practices around what to report on from the Syslog output from SPP.

Capturing the logs and everything is all working as expected, but looking for something to help figure out which logs are the important ones and which to alert on. Does anyone know of a document out there that spells out the Syslog logs and which are best to send out alerts for? 

Either that, or if someone has created a lightweight Splunk app that does something similar with the Syslog output.