Logging and identify the violations from staged signatures

I am trying to fix a signature update issue for ASM v12.1.0 here. Signatures are not updated from some time. I wanted to do this in a phase manner now.

1) Enabling signature staging for the policy, enable signature staging for updated/new signatures 2) Run a manual update 3) Get through the Enforcement Readiness period of 7 days 4) Check for any violations for staged signatures and enforce the new/updated signatures respectively.

Regx point 4, will need some guidance on checking for any violation for staged signatures. We are sending logs to splunk and how do i identify from the log data, if the alert was on a staged signature. Pasting some log snippets below.

30/08/2018 11:07:54.000 Aug 30 11:07:54 xxxx.net.au ASM: f5_asm=Splunk-F5-ASM,attack_type="",date_time="2018-08-30 11:07:54",dest_ip=x.x.x.x,dest_port=xxxx,geo_info="US",http_class="/Common/VS_Test",ip_addr_intelli="N/A",ip_client=x.x.x.x,ip_route_domain="x.x.x.x%0",is_trunct=truncated,manage_ip_addr=x.x.x.x,method="POST",policy_apply_date="2018-05-31 10:08:09",policy_name="/Common/VS_Test",protocol="HTTP",query_str="",req_status="passed",resp_code="200",route_domain="0",session_id="4353fdsad4dd",severity="Informational",sig_ids="",sig_names="",src_port="27603",sub_violates="",support_id="17873574374868071705",unit_host="xxxxxxxxxxxxxxxx",uri="/abc/xyz",username="N/A",violate_details="44f3d1e143060702-000000000000000044f3d1e143060702-000000000000000044f3d1e143262702-0000000000000000000040c100240000-0000000000000000