You do not have to use Splunk's built-in
WinEventLog facility. You can use the native Windows facilities to write a subset of logs to a directory/file and then use normal Splunk directory/file monitoring to forward them in.
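As an added illustration of that approach (this is example code, not part of the original answer), the script below uses the native Get-WinEvent cmdlet to export only selected Security-log event IDs to a JSON-lines file, keeps a RecordId bookmark so repeated runs do not re-export the same events, and ends with the matching [monitor://] stanza. The log name, event IDs, output directory, index and sourcetype names are all assumptions.

```powershell
# Added example: export a subset of Windows event-log records with native
# facilities (Get-WinEvent) to a file that Splunk can monitor.
# Assumptions (not from the original page): log name, event IDs, paths, index name.

$LogName   = 'Security'
$EventIds  = 4624, 4625, 4688            # logons, failed logons, process creation
$OutDir    = 'C:\Logs\splunk-export'
$StateFile = Join-Path $OutDir 'Security.lastrecord'
$OutFile   = Join-Path $OutDir ('Security-{0:yyyyMMdd}.json' -f (Get-Date))

New-Item -ItemType Directory -Path $OutDir -Force | Out-Null

# Bookmark: highest RecordId exported so far, so a scheduled re-run only
# appends events that are new since the last run.
$lastRecordId = 0
if (Test-Path $StateFile) {
    $lastRecordId = [int64](Get-Content -Path $StateFile -Raw).Trim()
}

$filter = @{ LogName = $LogName; Id = $EventIds }
try {
    $events = Get-WinEvent -FilterHashtable $filter -ErrorAction Stop |
              Where-Object { $_.RecordId -gt $lastRecordId } |
              Sort-Object RecordId
} catch {
    # Get-WinEvent raises an error when the filter matches nothing;
    # treat that as "no new events" rather than a failure.
    $events = @()
}

$newest = $lastRecordId
foreach ($e in $events) {
    # One JSON object per line so Splunk's _json sourcetype parses each event.
    $record = [ordered]@{
        TimeCreated = $e.TimeCreated.ToUniversalTime().ToString('o')
        RecordId    = $e.RecordId
        EventID     = $e.Id
        Level       = $e.LevelDisplayName
        Computer    = $e.MachineName
        Message     = $e.Message
    }
    $record | ConvertTo-Json -Compress -Depth 3 |
        Add-Content -Path $OutFile -Encoding UTF8
    if ($e.RecordId -gt $newest) { $newest = $e.RecordId }
}

# Persist the bookmark only after the writes above succeeded.
Set-Content -Path $StateFile -Value $newest -Encoding ASCII

<#
Matching inputs.conf stanza on the forwarder (assumed names):

[monitor://C:\Logs\splunk-export\Security-*.json]
disabled = 0
sourcetype = _json
index = yourindexname
#>
```

Run it from a scheduled task under an account that can read the Security log; the bookmark file means the task can run every few minutes without producing duplicates, and the date-stamped output file keeps Splunk's file monitor from re-reading a single ever-growing file.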
Yes, it's possible.
Take a look at this:
In principle you would need something like the following in your inputs.conf file:
[WinEventLog://Application]
disabled = 0
start_from = oldest
index = yourindexname
Then simply search from your GUI with:
The default sourcetype for Windows Application Logs is the one I specified above, but you can change this (not recommended as it'll have a major impact on parsing, etc).
If your view has a unique path you can do it this way:
[WinEventLog://Path-To-Your-View]
disabled = 0
start_from = oldest
index = yourindexname
If that doesn't work for you, do you have any other way to uniquely identify those logs you are planning to collect? Is there a field that is unique for those events? If that's the case, blacklists and whitelists might be the only reasonable way even if you don't want to use them.
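As an added example of the whitelist/blacklist route suggested above (this fragment is not from the original answer or from Splunk's own documentation pages; the log name, event codes, index name and the "noisy" events it drops are assumptions), the stanza below collects only specific event codes from the Security log and then removes one sub-pattern from what the whitelist let through. The `key=%regex%` form lets you match on event fields such as EventCode, User or Message rather than on the whole event text, which is what makes it usable when the events you want share no unique channel or view.

```ini
# Added example: collect only selected Security events from the standard
# Security channel. Field names follow the WinEventLog key=%regex% syntax;
# the specific event codes, index name and blacklist pattern are assumptions.

[WinEventLog://Security]
disabled = 0
start_from = oldest
current_only = 0
index = yourindexname

# Keep only logon successes, logon failures and process creation.
whitelist = EventCode=%^(4624|4625|4688)$%

# Of those, drop successful logons by machine accounts (names ending in $),
# which otherwise dominate the volume. Keys on one line are ANDed together.
blacklist1 = EventCode=%^4624$% User=%.*\$$%
```

Check the result before rolling it out: compare a count by EventCode on the indexer against what the Event Viewer shows for the same window, since an over-broad blacklist silently discards events rather than erroring.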