Lookups for the Splunk Add-on for Tomcat
The Splunk Add-on for Tomcat has four lookups. The lookup files map fields from Tomcat systems to CIM-compliant values in the Splunk platform. The lookup files are located in $SPLUNK_HOME/etc/apps/Splunk_TA_tomcat/lookups.
| Filename | Description |
|---|---|
| tomcat_severity.csv | Maps the log_level field to a CIM-compliant value for the severity field. |
| tomcat_http_status.csv | Maps the status field to a CIM-compliant value for the action field. |
| tomcat_version_number_lookup | This KV store lookup is populated with the version_number field in all events. Generated from the “Tomcat version number” saved search. |
| tomcat_application_server_lookup | This KV store lookup is populated with the application_server and appserver_port_number fields in all events. Generated from the “Tomcat application server” saved search. |
| tomcat_thread_states.csv | Maps the threadState field to the thread_state field defined by the ITSI AppServer data model. |