Lookups for the Splunk Add-on for ServiceNow

The Splunk Add-on for ServiceNow has the following lookups in $SPLUNK_HOME/etc/apps/Splunk_TA_snow/lookups. Some of these are included for integration and backwards compatibility with other applications, and are not used as lookups for the add-on itself.

As dynamic CSV lookups are migrated to KV Store lookups, those lookups won't have filename associated with them

Filename/KV Store	Purpose
`snow_change_states.csv`	Maps `state` to a human-readable string. This lookup is deprecated as it is being used with `display_value=false`, which is deprecated as part of version 6.3.0
`snow_cmdb_ci_app_server_lookup`	This lookup depends on the ServiceNow CMDB CI App Servers saved search included with the add-on.
`snow_cmdb_ci_db_instance_lookup`	This lookup depends on the ServiceNow CMDB CI DB Instances saved search included with the add-on.
`snow_cmdb_ci_infra_service_lookup`	This lookup depends on the ServiceNow CMDB CI Infra Services saved search included with the add-on.
`snow_cmdb_ci_list_lookup`	Looks up the `cmdb_ci` sys_id in incident events to populate `affect_dest`. This lookup depends on the ServiceNow CMDB CI List saved search included with the add-on. This lookup and associated saved search is deprecated as it is being used with `display_value=false`, which is deprecated as part of version 6.3.0
`snow_cmdb_ci_server_lookup`	This lookup depends on the ServiceNow CMDB CI Server saved search included with the add-on.
`snow_cmdb_ci_service_lookup`	This lookup depends on the ServiceNow CMDB CI Services saved search included with the add-on.
`snow_cmdb_ci_vm_lookup`	This lookup depends on the ServiceNow CMDB CI VM saved search included with the add-on.
`snow_cmdb_rel_ci_lookup`	This lookup depends on the ServiceNow CMDB CI Relation saved search included with the add-on.
`snow_cmn_location_list_lookup`	Obtains detailed latitude and longitude information from the `location` field. This lookup depends on the ServiceNow CNM Location List saved search included with the add-on.
`snow_incident_state_lookup`	Maps a numerical incident state value to a human-readable string. This lookup and associated saved search is deprecated as it is being used with `display_value=false`, which is deprecated as part of version 6.3.0
`snow_problem_states.csv`	Maps a numerical problem state number to a human-readable string. This lookup is deprecated as it is being used with `display_value=false`, which is deprecated as part of version 6.3.0
`snow_severities.csv`	Maps a numerical severity value to a human-readable string. This lookup is deprecated as it is being used with `display_value=false`, which is deprecated as part of version 6.3.0
`snow_sys_choice_list_lookup`	Contains possible choices for database table columns. This lookup depends on the ServiceNow Sys Choice List saved search included with the add-on.
`snow_sys_user_group_list_lookup`	Maps user group IDs to user group names in incident, event, change, or problem events. This lookup depends on the ServiceNow Sys User Group List saved search included with the add-on. This lookup and associated saved search is deprecated as it is being used with `display_value=false`, which is deprecated as part of version 6.3.0
`snow_sys_user_list_lookup`	Maps user IDs to user names in incident, event, change, or problem events. This lookup depends on the ServiceNow Sys User List saved search included with the add-on.

Splunk Add-on for ServiceNow

Related Answers

Lookups for the Splunk Add-on for ServiceNow

Comments