Lookups for the Splunk Add-on for Juniper¶
Lookup files are located in:
$SPLUNK_HOME/etc/apps/Splunk_TA_juniper/lookupson *nix systems%SPLUNK_HOME%\etc\apps\Splunk_TA_juniper\lookupson Windows systems
Lookup files map fields from Juniper Networks to Common Information Model (CIM)-compliant values in the Splunk platform. The Splunk Add-on for Juniper has the following lookups:
| Filename | Purpose |
|---|---|
| juniper_netscreen_firewall_actions.csv | Maps Netscreen vendor_action and action_type to action and status. |
| juniper_netscreen_firewall_ids_info.csv | Maps alert_id to ids_type and signature. |
| juniper_transport_protocols.csv | Maps transport_id to protocol and transport. |