All Apps and Add-ons
×

Are you a member of the Splunk Community?

Sign in or Register with your Splunk account to get your questions answered, access valuable resources and connect with experts!
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Show  only  | Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a list with recommended indexes for Security Essentials?

dersa
Path Finder
‎01-14-2023 04:17 PM

Hi, 

is there a list with recommended indexes for Security Essentials? I have to build a PoC in a greenfield deployment and would like to create the indexes in a way that they are also usable in Enterprise Security.

thanks

Alex

Labels (3)
0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎01-14-2023 05:19 PM

Enterprise Security has a few required indexes, which you can find in the installation instructions.  SSE, however, has neither required nor recommended indexes.  That's because it and ES use *your* indexes where *you* choose to store *your* data in a way that makes the most sense to *you*.  If the data is onboarded in CIM-compliant ways and properly tagged then ES will find it.  In SSE, just edit the searches to use your index names (it's not a Production tool, anyway).

---
If this reply helps you, Karma would be appreciated.

View solution in original post

Reply
Solved! Jump to solution
Solution

richgalloway
SplunkTrust
SplunkTrust
‎01-14-2023 05:19 PM

Enterprise Security has a few required indexes, which you can find in the installation instructions.  SSE, however, has neither required nor recommended indexes.  That's because it and ES use *your* indexes where *you* choose to store *your* data in a way that makes the most sense to *you*.  If the data is onboarded in CIM-compliant ways and properly tagged then ES will find it.  In SSE, just edit the searches to use your index names (it's not a Production tool, anyway).

---
If this reply helps you, Karma would be appreciated.
Reply
Solved! Jump to solution

dersa
Path Finder
‎01-16-2023 03:02 AM

Thanks Rich!

0 Karma
Reply
Get Updates on the Splunk Community!

Automatic Discovery Part 1: What is Automatic Discovery in Splunk Observability Cloud ...

If you’ve ever deployed a new database cluster, spun up a caching layer, or added a load balancer, you know it ...

Real-Time Fraud Detection: How Splunk Dashboards Protect Financial Institutions

Financial fraud isn't slowing down. If anything, it's getting more sophisticated. Account takeovers, credit ...

Splunk + ThousandEyes: Correlate frontend, app, and network data to troubleshoot ...

 Are you tired of troubleshooting delays caused by siloed frontend, application, and network data? We've got a ...