https://community.splunk.com/t5/Getting-Data-In/Logging-Aggregation-for-Checkpoint-Firewalls-Logs/m-p/204265#M98772 <P>I am going slightly over my license limit from time to time because of the Checkpoint firewall logs. Is there a way to aggregate some of the firewalls logs before start indexing them into the Splunk indexers? Or the only option would be to add another 20GB of license to Splunk.</P> Fri, 01 Jan 2016 18:19:03 GMT daniel_augustyn 2016-01-01T18:19:03Z https://community.splunk.com/t5/Getting-Data-In/Logging-Aggregation-for-Checkpoint-Firewalls-Logs/m-p/204265#M98772 <P>I am going slightly over my license limit from time to time because of the Checkpoint firewall logs. Is there a way to aggregate some of the firewalls logs before start indexing them into the Splunk indexers? Or the only option would be to add another 20GB of license to Splunk.</P> Fri, 01 Jan 2016 18:19:03 GMT https://community.splunk.com/t5/Getting-Data-In/Logging-Aggregation-for-Checkpoint-Firewalls-Logs/m-p/204265#M98772 daniel_augustyn 2016-01-01T18:19:03Z https://community.splunk.com/t5/Getting-Data-In/Logging-Aggregation-for-Checkpoint-Firewalls-Logs/m-p/204266#M98773 <P>I'm not aware of any option to do this. You could potentially try to hack your own via transforms or unarchive_cmd (search on answers for examples of either), but the Check point stuff can't really be aggregated easily. </P> Mon, 04 Jan 2016 07:58:04 GMT https://community.splunk.com/t5/Getting-Data-In/Logging-Aggregation-for-Checkpoint-Firewalls-Logs/m-p/204266#M98773 David 2016-01-04T07:58:04Z