Splunk® Supported Add-ons

Splunk Add-on for Cisco ASA

Acrobat logo Download manual as PDF

Acrobat logo Download topic as PDF

Lookups for the Splunk Add-on for Cisco ASA

In version 3.4.0 and later of the Splunk Add-on for Cisco ASA, you must use the lookup file cisco_asa_action_lookup.csv instead of cisco_action_lookup.csv. For the corresponding stanza, cisco_action_lookup, use cisco_asa_action_lookup.

The Splunk Add-on for Cisco ASA provides the following lookups. The lookup files map fields from Cisco ASA systems to CIM-compliant values in the Splunk platform. The lookup files are located in $SPLUNK_HOME/etc/apps/Splunk_TA_cisco-asa/lookups:

File name Purpose
cisco_asa_action_lookup.csv Maps protocol_version and communication_protocol to protocol_version
cisco_asa_change_analysis_lookup.csv Maps message_id to change_class, change_description, change_type, and object_type.
cisco_asa_severity_lookup.csv Maps signature_id to vendor_severity and severity
cisco_asa_syslog_severity_lookup.csv Maps log_level to severity_level and description
cisco_asa_vendor_class_lookup.csv Maps the message_id from the event to vendor_class and vendor_definition.
cisco_asa_protocol.csv Maps transport to protocol.
cisco_asa_protocol_version.csv Maps protocol and communication_protocol to protocol_version.
Last modified on 13 October, 2020
PREVIOUS
Source types for the Splunk Add-on for Cisco ASA
  NEXT
Release notes for the Splunk Add-on for Cisco ASA

This documentation applies to the following versions of Splunk® Supported Add-ons: released


Was this documentation topic helpful?

You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters