All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question

Avoid installing demo data ?

yeastie65
New Member
‎10-14-2019 04:07 AM

Hi contributors, many thanks for that interesting app. Is it possible to install it without demo data ?

0 Karma
Reply

David
Splunk Employee
Splunk Employee
‎10-14-2019 11:45 AM

If you would like to, you can decompress the download and delete the demo data lookups.

The csvs that are required for app functionality are documented here: https://docs.splunksecurityessentials.com/technical-details/lookups/ (note that this includes CSV-based lookups, which is what we're concerned about here, along with kvstore collections that you don't need to worry about.

That said, remember that the demo data is just a series of CSV files that never get indexed, so they don't clog up your indexes or use any license, and by default this data isn't replicated to the indexers so it won't increase bundle sizes. There is no technical problem associated with installing this app (including the demo data) on a production system. This is the same for most of the essentials apps, notably excluding Splunk Security Essentials for Fraud which ships with many GB of demo data.

0 Karma
Reply
Get Updates on the Splunk Community!

Enterprise Security Content Update (ESCU) | New Releases

In December, the Splunk Threat Research Team had 1 release of new security content via the Enterprise Security ...

Why am I not seeing the finding in Splunk Enterprise Security Analyst Queue?

(This is the first of a series of 2 blogs). Splunk Enterprise Security is a fantastic tool that offers robust ...

Index This | What are the 12 Days of Splunk-mas?

December 2024 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious!  We’re back with another ...