Solved: Is there a list with recommended indexes for Secur...

dersa · ‎01-14-2023

Hi,

is there a list with recommended indexes for Security Essentials? I have to build a PoC in a greenfield deployment and would like to create the indexes in a way that they are also usable in Enterprise Security.

thanks

Alex

richgalloway · ‎01-14-2023

Enterprise Security has a few required indexes, which you can find in the installation instructions. SSE, however, has neither required nor recommended indexes. That's because it and ES use *your* indexes where *you* choose to store *your* data in a way that makes the most sense to *you*. If the data is onboarded in CIM-compliant ways and properly tagged then ES will find it. In SSE, just edit the searches to use your index names (it's not a Production tool, anyway).

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway · ‎01-14-2023

Enterprise Security has a few required indexes, which you can find in the installation instructions. SSE, however, has neither required nor recommended indexes. That's because it and ES use *your* indexes where *you* choose to store *your* data in a way that makes the most sense to *you*. If the data is onboarded in CIM-compliant ways and properly tagged then ES will find it. In SSE, just edit the searches to use your index names (it's not a Production tool, anyway).

---
If this reply helps you, Karma would be appreciated.

dersa · ‎01-16-2023

Thanks Rich!

Is there a list with recommended indexes for Security Essentials?

administration

configuration

installation

Best Strategies to Optimize Observability Costs

Fueling your curiosity with new Splunk ILT and eLearning courses

Splunk AI Assistant for SPL 1.1.0 | Now Personalized to Your Environment for Greater ...