crogers:

Stream does not support Syslog events sent using Octet-Counting Framing. Stream supports Non-Transparent Framing, specifically the \n trailer character, defined in RFC 6587, section 3.4.2.

Although not supported as of version 3.4.1 this feature is on the roadmap. Ticket number: CRIBL-8628 for future reference.

Yes! Cribl Stream now supports Octet Count Framing on Syslog sources. Please be aware that it's off by default, and must be enabled in the Advanced Settings for the syslog source.