Lookups for the Splunk Add-on for Cisco ESA¶
The Splunk Add-on for Cisco ESA provides lookups. The lookup files map fields from Cisco systems to CIM-compliant values in the Splunk platform. The lookup files are located in:
$SPLUNK_HOME/etc/apps/Splunk_TA_cisco-esa/lookupson Unix based systems.%SPLUNK_HOME%\etc\apps\Splunk_TA_cisco-esa\lookupson Windows systems.
| Filename | Description |
|---|---|
cisco_esa_authentication_action_lookup.csv |
Maps vendor_action to action |
cisco_esa_email_action_lookup.csv |
Maps vendor_action to action |
cisco_esa_proxy_status_action_lookup.csv |
Maps status to proxy_action |
cisco_esa_vendor_info_lookup_160.csv |
Maps sourcetype to vendor, product, app |