home

Mobile Endpoint Security

Mobile Endpoint SecuritySecurity Service Edge
Mobile Endpoint SecuritySecurity Service Edge

Lookout Product Documentation

Find answers about using and optimizing Lookout products.

Show Contents

Mobile Endpoint Security

Reviewing the Event Feed

Changing the Data Format and Stream Position

  1. In the top navigation bar, click Settings > Data Input, then click Scripts.
  2. Click the $SPLUNK_HOME/etc/apps/lookout/bin/main.py link in the Command column to open the Lookout script for editing:


  3. Modify the following as needed:


    FieldFormatDescription
    Intervalinteger / cron job

    The interval for fetching events. Defaults to 60s if left unset.

    You can set this either in seconds, or in cron job format as documented at https://crontab.guru/

    Source name overrideStringThe value to use for the source field, instead of lookout.
    Changing the streamPosition

    streamPosition is an integer value used by Lookout's Mobile Risk API. A request with no streamPosition, or streamPosition=0 tells the API to return the earliest events. Any other streamPosition tells the API to return the events that follow that streamPosition.

    The Lookout app fetches events for the API key you provide, starting from streamPosition=0. If you need to modify the streamPosition directly, you can modify the value in the Splunk Key-Value store:

  4. In the top navigation bar, click Datasets, then select lookout_kvstore.
  5. In the upper right corner, click Edit > Extend in Table.
  6. In the top menu, click Clean > Replace Values and modify the streamPosition as needed:


Last updated: November 20, 2024

lookout-footer

Legal Privacy Policy Cookie Policy Transparency Report Compliance Info Compliance Info (Gov)

© 2024 Lookout, Inc. LOOKOUT®, the Lookout Shield Design®, LOOKOUT with Shield Design® and the Lookout multi-color/multi-shaded Wingspan Design® are registered trademarks of Lookout, Inc. in the United States and other countries. DAY OF SHECURITY®, LOOKOUT MOBILE SECURITY®, and POWERED BY LOOKOUT® are registered trademarks of Lookout, Inc. in the United States. Lookout, Inc. maintains common law trademark rights in EVERYTHING IS OK, PROTECTED BY LOOKOUT, CIPHERCLOUD, and the 4 Bar Shield Design.