Lookups for the Splunk Add-on for RSA SecurID CAS
The Splunk Add-on for RSA SecurID CAS contains the following lookups. The lookup files are located in $SPLUNK_HOME/etc/apps/Splunk_TA_rsa-securid/lookups
.
Filename | Description |
---|---|
rsa_securid_cas_admin_events_mapping.csv
|
Maps action , change_type , object , object_attrs , object_category , and command fields using the activityKey field.
|
rsa_securid_cas_adminlog_action_field_mapping.csv
|
Maps action field using the activityKey and result fields.
|
rsa_securid_cas_usereventlog_action_field_mapping.csv
|
Maps event's action field to data model action field
|
rsa_securid_cas_usereventlog_field_mappings.csv
|
Maps action , change_type , command , object_category , result , and status fields using the eventCode field.
|
PREVIOUS Troubleshoot the Splunk Add-on for RSA SecurID CAS |
NEXT Source types for the Splunk Add-on for RSA SecurID CAS |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!