Lookups for the Splunk Add-on for Cisco ESA
The Splunk Add-on for Cisco ESA provides lookups. The lookup files map fields from Cisco systems to CIM-compliant values in the Splunk platform. The lookup files are located in:
$SPLUNK_HOME/etc/apps/Splunk_TA_cisco-esa/lookups
on Unix based systems.%SPLUNK_HOME%\etc\apps\Splunk_TA_cisco-esa\lookups
on Windows systems.
Filename | Description |
---|---|
cisco_esa_authentication_action_lookup.csv
|
Maps vendor_action to action
|
cisco_esa_email_action_lookup.csv
|
Maps vendor_action to action
|
cisco_esa_proxy_status_action_lookup.csv
|
Maps status to proxy_action
|
cisco_esa_vendor_info_lookup_160.csv
|
Maps sourcetype to vendor , product , app
|
PREVIOUS Collect Syslog data using Splunk Connect for Syslog |
NEXT Source types for the Splunk Add-on for Cisco ESA |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!