Solved: Could you help me with some questions about the Sp... - Splunk Community

All Apps and Add-ons

I have to install Splunk Security Essentials app in my distributed environment.

I gone through its documentation but I am still having a few queries

To activate this, do we need to give access of all index data to a user?
Will be there any performance issue since it checks all data ?

1 Solution

Solution

In order to utilize the searches, your user will need to have access to the indexes that contain the relevant data. Also, if you want to run the data source check, your user will need access to the data sources it is checking for.
Any resource usage will only happen when you run the data source check. It is not a continuously running thing.

View solution in original post

Solution

In order to utilize the searches, your user will need to have access to the indexes that contain the relevant data. Also, if you want to run the data source check, your user will need access to the data sources it is checking for.
Any resource usage will only happen when you run the data source check. It is not a continuously running thing.

thanks @kmorris for your inputs

Get Updates on the Splunk Community!

Index This | How many sides does a circle have?

March 2025 Edition Hayyy Splunk Education Enthusiasts and the Eternally Curious! We’re back with this ...

New This Month - Splunk Observability updates and improvements for faster ...

What’s New? This month, we’re delivering several enhancements across Splunk Observability Cloud for faster and ...

What's New in Splunk Cloud Platform 9.3.2411?

Hey Splunky People! We are excited to share the latest updates in Splunk Cloud Platform 9.3.2411. This release ...