Lookups for the Splunk Add-on for ServiceNow¶
The Splunk Add-on for ServiceNow has the following
lookups
in $SPLUNK_HOME/etc/apps/Splunk_TA_snow/lookups. Some of these are
included for integration and backwards compatibility with other
applications, and are not used as lookups for the add-on itself.
As dynamic CSV lookups are migrated to KV Store lookups, those lookups won’t have filename associated with them
| Filename/KV Store | Purpose |
|---|---|
snow_change_states.csv |
Maps state to a human-readable string. Note: This lookup is deprecated as it is used with display_value=false, which is deprecated as part of version 6.3.0. |
snow_cmdb_ci_app_server_lookup |
This lookup depends on the ServiceNow CMDB CI App Servers saved search included with the add-on. |
snow_cmdb_ci_db_instance_lookup |
This lookup depends on the ServiceNow CMDB CI DB Instances saved search included with the add-on. |
snow_cmdb_ci_infra_service_lookup |
This lookup depends on the ServiceNow CMDB CI Infra Services saved search included with the add-on. |
snow_cmdb_ci_list_lookup |
Looks up the cmdb_ci sys_id in incident events to populate affect_dest. This lookup depends on the ServiceNow CMDB CI List saved search included with the add-on. Note: This lookup and associated saved search is deprecated as it is used with display_value=false, which is deprecated as part of version 6.3.0. |
snow_cmdb_ci_server_lookup |
This lookup depends on the ServiceNow CMDB CI Server saved search included with the add-on. |
snow_cmdb_ci_service_lookup |
This lookup depends on the ServiceNow CMDB CI Services saved search included with the add-on. |
snow_cmdb_ci_vm_lookup |
This lookup depends on the ServiceNow CMDB CI VM saved search included with the add-on. |
snow_cmdb_rel_ci_lookup |
This lookup depends on the ServiceNow CMDB CI Relation saved search included with the add-on. |
snow_cmn_location_list_lookup |
Obtains detailed latitude and longitude information from the location field. This lookup depends on the ServiceNow CNM Location List saved search included with the add-on. |
snow_incident_state_lookup |
Maps a numerical incident state value to a human-readable string. Note: This lookup and associated saved search is deprecated as it is being used with display_value=false, which is deprecated as part of version 6.3.0. |
snow_problem_states.csv |
Maps a numerical problem state number to a human-readable string. Note: This lookup is deprecated as it is used with display_value=false, which is deprecated as part of version 6.3.0. |
snow_severities.csv |
Maps a numerical severity value to a human-readable string. Note: This lookup is deprecated as it is used with display_value=false, which is deprecated as part of version 6.3.0. |
snow_sys_choice_list_lookup |
Contains possible choices for database table columns. This lookup depends on the ServiceNow Sys Choice List saved search included with the add-on. |
snow_sys_user_group_list_lookup |
Maps user group IDs to user group names in incident, event, change, or problem events. This lookup depends on the ServiceNow Sys User Group List saved search included with the add-on. Note: This lookup and associated saved search is deprecated as it is used with display_value=false, which is deprecated as part of version 6.3.0. |
snow_sys_user_list_lookup |
Maps user IDs to user names in incident, event, change, or problem events. This lookup depends on the ServiceNow Sys User List saved search included with the add-on. |