I'm very new to Splunk so forgive me if this isn't the best method available. I too was having this issue with limiting the length/size of Messages from Windows 2008 Security Logs. The work answer for me was to use the regex creation tool.
Again this may be a beginner stuff but it worked for me!
eval Message=split(Message,".") | eval ShortMessage=mvindex(Message,0) Gives the first sentence of the Windows Message field. Split divides the Message field by sentences (split at each period "." - the second command populates the first sentence (0) into the field called "ShortMessage"