Solved: Could you help me with some questions about the Sp... - Splunk Community

All Apps and Add-ons

I have to install Splunk Security Essentials app in my distributed environment.

I gone through its documentation but I am still having a few queries

To activate this, do we need to give access of all index data to a user?
Will be there any performance issue since it checks all data ?

1 Solution

Solution

In order to utilize the searches, your user will need to have access to the indexes that contain the relevant data. Also, if you want to run the data source check, your user will need access to the data sources it is checking for.
Any resource usage will only happen when you run the data source check. It is not a continuously running thing.

View solution in original post

Solution

In order to utilize the searches, your user will need to have access to the indexes that contain the relevant data. Also, if you want to run the data source check, your user will need access to the data sources it is checking for.
Any resource usage will only happen when you run the data source check. It is not a continuously running thing.

thanks @kmorris for your inputs

Get Updates on the Splunk Community!

Mastering Data Pipelines: Unlocking Value with Splunk

In today's AI-driven world, organizations must balance the challenges of managing the explosion of data with ...

The Latest Cisco Integrations With Splunk Platform!

Join us for an exciting tech talk where we’ll explore the latest integrations in Cisco + Splunk! We’ve ...

AI Adoption Hub Launch | Curated Resources to Get Started with AI in Splunk

Hey Splunk Practitioners and AI Enthusiasts! It’s no secret (or surprise) that AI is at the forefront of ...