Related Answers
Download topic as PDF
Lookups for the Splunk Add-on for Microsoft Cloud Services
The Splunk Add-on for Microsoft Cloud Services has the following lookups that map fields from Microsoft Cloud Services systems to Common Information Model (CIM)-compliant values in the Splunk platform. The lookup files are located in $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/lookups.
| Filename | Description |
|---|---|
| o365_certficate_status_lookup.csv | Maps a status field to a friendly description.
|
| o365_management_api_data_lookup.csv | Maps the management_api_data field to a friendly name.
|
| o365_model_lookup.csv | Maps Operation and ResultStatus to model_type,action, change_type, and object_category fields.
|
| o365_model_operation_only_lookup.csv | Maps Operation to model_type, action, change_type, and object_category fields.
|
| o365_status_lookup.csv | Maps ResultStatus to a CIM-compliant status value.
|
| o365_troubleshooting_error_code_lookup.csv | Maps o365_error to Problem, Problem Detail, Possible Reason, and Proposal values for the Troubleshooting dashboard.
|
| o365_troubleshooting_microsoft_error_code_lookup.csv | Maps microsoft_error_code to o365_error, Problem, Problem Detail, Possible Reason, and Proposal values for the Troubleshooting dashboard.
|
| mscs_vm_cpu_mem_storage.csv | Maps vm_size to cpu_cores, mem_capacity and storage_capacity.
|
| mscs_vm_ip.csv | Maps vm_id to private_ip and public_ip.
|
| mscs_vm_power_state.csv | Maps a power_state field to a common description.
|
Last modified on 01 June, 2023
This documentation applies to the following versions of Splunk® Supported Add-ons: released
Feedback submitted, thanks!