Lookups for the Splunk Add-on for Cisco ISE

The Splunk Add-on for Cisco ISE has the following lookups. The lookup files map fields from Cisco ISE systems to CIM-compliant values in the Splunk platform. The lookup files are located at $SPLUNK_HOME/etc/apps/Splunk_TA_cisco-ise/lookups.

| Filename | Description |
| --- | --- |
| cisco_ise_message_catalog_420.csv | Maps MESSAGE_CODE to MESSAGE_CLASS, MESSAGE_TEXT |
| cisco_ise_service.csv | Maps MESSAGE_CODE to SERVICE |
| cisco_ise_change_message_code_420.csv | Maps MESSAGE_CODE to change_type, command, object, object_attrs, object_category, result |