We have our cisco device configs pointing syslog to Kiwi and then we forward in Kiwi to other systems that need the logs like qradar and snare. Don't really have a diagram of it though.
Since we have many different types of devices sending syslog into Kiwi we use a regex filter to forward only those message formats that we want to send to particular receivers. As an example the filter I have for forwarding Cisco formatted level 0-7 syslog messages looks like;
