Added support for the latest Splunk Common Information Model version 4.19
Support for Okta version 2021.04.0
52% search-time performance improvement for sourcetype=OktaIm2:log
Updated the lookup definition for okta2_eventType_related_info.csv to remove status evaluation from the lookup file; status is now evaluated independently using eval
Introduced new lookup okta2_eventtype_alert_lookup.csv for evaluating the alert CIM field “type” based on eventType
CIM fields such as user_agent, reason, body and description, among others, will no longer evaluate to “null” or “unknown”. These values are equivalent to the field not being available, so the field is not evaluated.