Lookups for the Splunk Add-on for AWS
Lookup files are located in $SPLUNK_HOME/etc/apps/Splunk_TA_aws/lookups on *nix systems and %SPLUNK_HOME%\etc\apps\Splunk_TA_aws\lookups on Windows systems. Lookup files map fields from Amazon Web Services (AWS) to CIM-compliant values in the Splunk platform. The Splunk Add-on for AWS has the following lookups:
Lookup name | Purpose
---|---
aws_config_action_lookup_741.csv | Maps the status field to a CIM-compliant value for the action field.
aws_config_object_category_lookup_741.csv | Sorts the various AWS Config object categories into CIM-compliant values for the object_category field.
aws_cloudtrail_action_status_741.csv | Maps the eventName and errorCode fields to CIM-compliant values for action and status.
aws_cloudtrail_changetype_741.csv | Maps the eventSource to a CIM-compliant value for the change_type field.
 | Maps ErrorCode to ErrorDetail, ErrorCode, ErrorDetail.
aws_log_sourcetype_modinput_741.csv | Maps sourcetype to modinput.
cloudfront_edge_location_lookup_741.csv | Maps the x_edge_location value to a human-readable edge_location_name.
aws_vendor_product_aws_cloudtrail_741.csv | Defines CIM-compliant values for the vendor, product, and app fields based on the source type.
aws_vpcflow_action_lookup_741.csv | Maps the numerical protocol code to a CIM-compliant protocol field and a human-readable field protocol_full_name.
aws_vpcflow_protocol_code_lookup_741.csv | Maps the vpcflow_action field to a CIM-compliant action field.
aws_vm_size_to_resources_741.csv | Maps the instance_type field to the CIM-compliant cpu_cores and mem_capacity fields.
aws_cloudwatch_guardduty_category_750.csv | Defines the value for the CIM field category based on the subject of the event.