What are the best ways to reduce the volume of logs indexed in Splunk, especially ones from firewalls?

Firewall logs represent around 60% of the logs of an information system. We are using Splunk and want to reduce the volume without losing important information. One solution we question is the use of a log aggregator such as Logsurfer. The idea would be, for example, to: aggregate usual log groups, e.g. for session opening…