Lookups for the Splunk Add-on for Infoblox¶
The Splunk Add-on for Infoblox has 3 lookups. The lookup files map fields from Infoblox systems to CIM-compliant values in the Splunk platform. The lookup files are located in $SPLUNK_HOME/etc/apps/Splunk_TA_infoblox/lookups.
| Filename | Description |
|---|---|
infoblox_dns_query_type.csv |
Maps the_query_type, such as A and SRV, to expected values required by DNS model. |
infoblox_dns_reply_code_id.csv |
Maps reply_code_id to reply_code. |
infoblox_severity_lookup |
Maps severity_id to expected values required by Intrusion Detection and Alert Models. |