Lookups for the Splunk Add-on for Microsoft SCOM¶
The Splunk Add-on for Microsoft SCOM has the following lookups that map fields from Microsoft SCOM systems to CIM-compliant and Splunk IT Service Intelligence values in the Splunk platform. You can find the lookup files in $SPLUNK_HOME/etc/apps/Splunk_TA_microsoft-scom/lookups.
| Filename | Description |
|---|---|
ms_scom_alert_severity.csv |
The SCOM alert severity lookup maps the severity from SCOM alert to a CIM-compliant string. |
| ms_scom_countername_to_datamodel_4.3.0.csv | Applies to performance data. Lookup uses the value of the “countername” field to map event to the appropriate performance category in CIM. |
ms_scom_alert_type.csv |
The SCOM alert type lookup uses the severity value from SCOM events to map to the “type” CIM field from the Alerts Data Model with a CIM-compliant string. |
ms_scom_datamodel.csv |
Data Model Association for RuleNames |