Splunk® Supported Add-ons

Splunk Add-on for Okta Identity Cloud


Lookups for the Splunk Add-on for Okta Identity Cloud

The Splunk Add-on for Okta Identity Cloud has the following lookups. The CSV lookup files are located in $SPLUNK_HOME/etc/apps/Splunk_TA_okta_identity_cloud/lookups.

| File name | Description |
| --- | --- |
| okta2_eventType_related_info_220.csv | CSV Lookup. Maps eventTypes to the related CIM fields change_type, object_category, and object_attrs. |
| okta2_system_log.csv | CSV Lookup. Provides enriched information about each eventType by mapping fields such as admin_interest, security_interest, release_note_date, event_type_description, and event_type_tags to their respective eventTypes. |
| okta2_app_assigned_group_lookup | KVStore Lookup. Maps app_id to group_id. This lookup is populated when the saved search "Okta2 app group" runs. The lookup populates fields such as app_id, app_name, app_label, and group_id. |
| okta2_app_detail_lookup | KVStore Lookup. This lookup is populated when the saved search "Okta2 app detail" runs. The lookup populates app fields such as id, name, label, created, lastUpdated, status, and signOnMode. |
| okta2_group_detail_lookup | KVStore Lookup. This lookup is populated when the saved search "Okta2 group detail" runs. The lookup populates group fields such as id, type, name, description, usersCount, appsCount, groupPushMappingsCount, and app_id. |
| okta2_user_detail_lookup | KVStore Lookup. This lookup is populated when the saved search "Okta2 user detail" runs. The lookup populates user fields such as user_id, firstName, lastName, loginName, email, secondEmail, primaryPhone, mobilePhone, state, city, countryCode, zipCode, streetAddress, status, created_time, lastUpdated_time, lastLogin_time, and activated_time. |
| okta2_group_member_lookup | KVStore Lookup. This lookup is populated when the saved search "Okta2 group member" runs. The lookup stores the fields group_id, group_name, user_id, and user_name. |
| okta2_app_assigned_user_lookup | KVStore Lookup. This lookup is populated when the saved search "Okta2 app user" runs. The lookup stores the fields app_id, app_name, app_label, user_name, and user_id. |

Last modified on 03 September, 2024

This documentation applies to the following versions of Splunk® Supported Add-ons: released

