LOOKUP-netfilter-action returns an action of "dropped" which is not compliant with the CIM's Network Traffic data model

chris_barrett
Path Finder

The TA has a lookup file called netfilter_action.csv for setting the value of 'action' based on the value of ACTION. In some cases it sets cim_action (which is subsequently used for the value of 'action' by the LOOKUP-netfilter_actions command) to 'dropped' but "dropped" is not a permitted value in the Network Traffic data model.

Is this an error, or am I missing something here?

0 Karma
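An added example (not part of the original post and not the TA's own code) of checking a lookup file's output column against the values the CIM documentation prescribes for `action` in Network Traffic. The sample rows are constructed; only the column names `ACTION` and `cim_action` come from the post, and the allowed set should be confirmed against the CIM version in use.

```python
import csv
import io

# Values prescribed for `action` in the CIM Network Traffic data model
# (per the CIM documentation; confirm against the CIM version you run).
CIM_NETWORK_TRAFFIC_ACTIONS = {"allowed", "blocked", "teardown"}

# Constructed sample, NOT the TA's real netfilter_action.csv. Only the column
# names ACTION and cim_action come from the post; the rows are illustrative.
SAMPLE_LOOKUP = """ACTION,cim_action
ACCEPT,allowed
DROP,dropped
REJECT,blocked
LOG, Allowed
"""

def find_noncompliant(lookup_text, output_field="cim_action",
                      allowed=CIM_NETWORK_TRAFFIC_ACTIONS):
    """Return (line_number, row, reason) for each row whose output value
    is not one of the prescribed values."""
    reader = csv.DictReader(io.StringIO(lookup_text))
    if output_field not in (reader.fieldnames or []):
        raise ValueError(f"lookup has no {output_field!r} column")
    findings = []
    for row in reader:
        value = row[output_field] or ""
        if value in allowed:
            continue
        # Separate cosmetic problems (case, whitespace) from wrong values.
        normalized = value.strip().lower()
        if normalized in allowed:
            reason = f"{value!r} differs only in case/whitespace from {normalized!r}"
        elif not normalized:
            reason = "empty value"
        else:
            reason = f"{value!r} is not a permitted value"
        findings.append((reader.line_num, dict(row), reason))
    return findings

if __name__ == "__main__":
    for line_no, row, reason in find_noncompliant(SAMPLE_LOOKUP):
        print(f"line {line_no}: ACTION={row['ACTION']}: {reason}")
```
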

doksu
SplunkTrust

Thanks very much @chris_barrett, you're absolutely correct and my apologies for a delayed response. The app has now been updated on Splunkbase.

0 Karma

woodcock
Esteemed Legend

I have asked the author to chime in!

0 Karma