Splunk® Supported Add-ons

Splunk Add-on for Cisco ESA

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Lookups for the Splunk Add-on for Cisco ESA

The Splunk Add-on for Cisco ESA has four lookups. The lookup files map fields from Cisco systems to CIM-compliant values in the Splunk platform. The lookup files are located in:

  • $SPLUNK_HOME/etc/apps/Splunk_TA_cisco-esa/lookups on Unix based systems.
  • %SPLUNK_HOME%\etc\apps\Splunk_TA_cisco-esa\lookups on Windows systems.
Filename Description
cisco_esa_authentication_action_lookup.csv Maps vendor_action to action
cisco_esa_email_action_lookup.csv Maps vendor_action to action
cisco_esa_proxy_status_action_lookup.csv Maps status to proxy_action
cisco_esa_vendor_info_lookup.csv Maps sourcetype to vendor, product, app
Last modified on 01 September, 2020
Collect Syslog data using Splunk Connect for Syslog
Source types for the Splunk Add-on for Cisco ESA

This documentation applies to the following versions of Splunk® Supported Add-ons: released

Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters