When a custom audit sink file is created to feed to Splunk in "raw" format, it always prepends each line with "-4 :" before the message (the message could be in json format or other format).
Release : 10.1
Audit package predefined format include the message id.
Set cluster wide property audit.log.otherDetailformat = {1} (The default value is {0} : {1} ).
Audit log format cluster wide properties:
https://techdocs.broadcom.com/us/en/ca-enterprise-software/layer7-api-management/api-gateway/10-1/administer-the-gateway/gateway-auditing-threshold-and-format.html