Hi DevLoop,
I havent worked with the Splunk module, but i'm going to assume that it works the same as the others, and essentially just displays some pretty graphs and charts in the GUI based on "alerts" that Splunk has generated.
In regards to the SecureX->Splunk element, that is going to be for CTR, Cisco Threat Response, which you can input and IP or domain etc, and then it will search for instances of that within your Splunk environment.
I suppose the main question is what are your requirements for logging. If you have no actual requirements to be able to do searches on log data, or data retention, then you could just use SecureX. If you have more traditional SIEM-style requirements, then SecureX isnt going to cut it.
There is a SecureX Partner Support WebEx Teams space that you can join by requesting access through this form - https://cs.co/9001Guw6S
I am also from a MSP/Cisco Partner, but this is a good partner space for discussing options to your style of issue.