Lookups for the Splunk Add-on for Microsoft Cloud Services¶
The Splunk Add-on for Microsoft Cloud Services has the following lookups that map fields from Microsoft Cloud Services systems to Common Information Model (CIM)-compliant values in the Splunk platform. The lookup files are located in $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-cloudservices/lookups.
| Filename | Description |
|---|---|
| o365_certficate_status_lookup.csv | Maps a status field to a friendly description. |
| o365_management_api_data_lookup.csv | Maps the management_api_data field to a friendly name. |
| o365_model_lookup.csv | Maps Operation and ResultStatus to model_type,action, change_type, and object_category fields. |
| o365_model_operation_only_lookup.csv | Maps Operation to model_type, action, change_type, and object_category fields. |
| o365_status_lookup.csv | Maps ResultStatus to a CIM-compliant status value. |
| o365_troubleshooting_error_code_lookup.csv | Maps o365_error to Problem, Problem Detail, Possible Reason, and Proposal values for the Troubleshooting dashboard. |
| o365_troubleshooting_microsoft_error_code_lookup.csv | Maps microsoft_error_code to o365_error, Problem, Problem Detail, Possible Reason, and Proposal values for the Troubleshooting dashboard. |
| mscs_vm_cpu_mem_storage.csv | Maps vm_size to cpu_cores, mem_capacity and storage_capacity. |
| mscs_vm_ip.csv | Maps vm_id to private_ip and public_ip. |
| mscs_vm_power_state.csv | Maps a power_state field to a common description. |