Lookups for the Splunk App for AWS
The Splunk App for AWS includes lookups that map data from AWS to support dashboard displays. The lookup files are located in `$SPLUNK_HOME/etc/apps/splunk_app_aws/lookups`.
| Filename | Purpose |
|---|---|
| `all_eventName.csv` | Maps IAM event names to an alert level and boolean for notable event status. |
| `regions.csv` | Maps AWS region strings to latitude and longitude calculations and friendly names. |
| `unauthorized_errorCode.csv` | Maps four variations on unauthorized error strings to a boolean value. |
This documentation applies to the following versions of Splunk® App for AWS (Legacy): 4.1.0, 4.1.1, 4.2.0, 4.2.1