Currently, I'm pulling in the minemeld_domainthreatlist.csv lookup via the Palo Alto Splunk TA v 6.1.1.
It's working as expected, but the CSV file gets rather large (currently over 300mb) with lots of duplicate events.
Is there a way of controlling the file size? Either by time or number of similar events?