Hi,
I am using Checkpoint opsec lea to fetch checkpoint logs and the number of logs which I will get is very high. How can I tell Splunk to not index all ICMP logs and DNS logs coming from Splunk LEA Add-on (Checkpoint)