Are you sure that ossec is collecting and thus reporting. Please check alerts.log to quickly verify the events are being logged.
If not then verify agents are connecting /var/ossec/bin/agent_control -l if they are then verify that you are outputting the logs to splunk correctly. If splunk is not receiving them then verify it is configured correctly: http://www.ossec.net/main/splunk-ossec-integration After all is said and done and you are sure that everything is set up correctly on the ossec side and you are still having issues, consult http://answers.splunk.com/. This is a fantastic resource for splunk issues.
