Sceikok this would be a static file that was uploaded?  I'm questioning the value of data I see in a field but was wondering if any of that could be dynamically generated by splunk.

Access Tracker is part of "Asset and identity" module for Splunk ES app

to access "inputlookup:access_tracker" you 1st need to add asset data/lookup by using

- From the Splunk menu bar, select Settings > Lookups > Lookup table files.
- Click New.
- Select a Destination App of SA-IdentityManagement.
- Select the lookup file to upload.
- Type the Destination filename that the lookup table file should have on the search head. The name should include the filename extension.
- For example, network_assets_from_CMDB.csv
- Click Save to save the lookup table file and return to the list of lookup table files.

Reference : https://docs.splunk.com/Documentation/ES/6.4.0/Admin/Configurenewassetoridentitylist

For more details on "Asset and Identity" Module follow

https://docs.splunk.com/Documentation/ES/6.4.0/Admin/Addassetandidentitydata

Hi @iherb_0718,

It should be in SA-AccessProtection app Lookup Definitions;

https://splunk_host:8000/en-US/manager/SA-AccessProtection/data/transforms/lookups?ns=SA-AccessProtection&pwnr=-&search=access_tracker

If this reply helps you an upvote is appreciated.