Lookups for the Splunk Add-on for Unix and Linux¶
The Splunk Add-on for Unix and Linux contains the following lookup files:
| File Name | Description |
|---|---|
nix_da_update_status.csv |
Maps sourcetypes to required update status. |
nix_da_version_ranges.csv |
Maps sourcetypes to OS-provided version information. |
nix_endpoint_change_vendor_action.csv |
Maps actions for Windows registry and file system change notifications. |
nix_fs_notification_change_type.csv |
Maps sourcetypes and change types for file system change notifications. |
nix_linux_audit_action_object_category.csv |
Maps operations (op) to category and action for Linux audit logs. |
nix_object_category.csv |
Maps object and object_category for Windows registry and file system change notifications. |
nix_status.csv |
Maps status id and status for Windows registry and file system change notifications. |
nix_user_types.csv |
Maps sourcetypes and user types for Windows registry and file system change notifications. |
nix_vendor_actions.csv |
Maps vendor_action and action for security logs. |