Lookups for the Splunk Add-on for Cisco ISE
The Splunk Add-on for Cisco ISE has the following lookups. The lookup file maps fields from Cisco ISE systems to CIM-compliant values in the Splunk platform. The lookup files are located at $SPLUNK_HOME/etc/apps/Splunk_TA_cisco-ise/lookups
.
Filename | Description |
---|---|
cisco_ise_message_catalog_420.csv
|
Maps MESSAGE_CODE to MESSAGE_CLASS , MESSAGE_TEXT
|
cisco_ise_service.csv
|
Maps MESSAGE_CODE to SERVICE
|
cisco_ise_change_message_code_420.csv
|
Maps MESSAGE_CODE to change_type , command , object , object_attrs , object_category , result
|
Configure data collection using Splunk Connect for Syslog | Sourcetypes for the Splunk Add-on for Cisco ISE |
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!