Hi there,
Here's what I've gathered:
Potential Reasons for Override:
- Consistency: OneIdentity might strive for consistent parameter naming across its apps and transforms, aligning with internal conventions or broader Splunk best practices.
- Functionality: Specific features or integrations within the OneIdentity-Safeguard app might necessitate these parameter names for proper operation.
- Security Considerations: Potential security enhancements or data handling requirements could be driving the parameter name modifications.
Next Steps:
- Consult Documentation: Thoroughly review the OneIdentity-Safeguard app's documentation for any explicit explanations regarding the parameter name changes.
- Reach Out to OneIdentity: If documentation doesn't provide clarity, engage OneIdentity's support or community forums for direct answers from experts.
- Adapt Searches: Adjust your existing Splunk searches and dashboards to accommodate the new parameter names (e.g., using ip instead of clientip).
Additional Considerations:
- Customizations: If you've made custom modifications to the dnslookup transform, carefully review and update them to align with the new parameter names.
- Third-Party Apps: If you're using third-party apps that rely on the dnslookup transform, ensure compatibility with the updated parameter names.
Key Points:
- It's crucial to understand the rationale behind such changes to ensure smooth integration with other apps and maintain data integrity.
- Collaboration with OneIdentity or their community can provide valuable insights and best practices.
- Proactive adaptation of searches and configurations will maintain the functionality of your Splunk environment.
~ If the reply helps, a Karma upvote would be appreciated