All Apps and Add-ons

Is there a list with recommended indexes for Security Essentials?

dersa
Path Finder

Hi, 

is there a list with recommended indexes for Security Essentials? I have to build a PoC in a greenfield deployment and would like to create the indexes in a way that they are also usable in Enterprise Security.

thanks

Alex

Labels (3)
0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Enterprise Security has a few required indexes, which you can find in the installation instructions.  SSE, however, has neither required nor recommended indexes.  That's because it and ES use *your* indexes where *you* choose to store *your* data in a way that makes the most sense to *you*.  If the data is onboarded in CIM-compliant ways and properly tagged then ES will find it.  In SSE, just edit the searches to use your index names (it's not a Production tool, anyway).

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

Enterprise Security has a few required indexes, which you can find in the installation instructions.  SSE, however, has neither required nor recommended indexes.  That's because it and ES use *your* indexes where *you* choose to store *your* data in a way that makes the most sense to *you*.  If the data is onboarded in CIM-compliant ways and properly tagged then ES will find it.  In SSE, just edit the searches to use your index names (it's not a Production tool, anyway).

---
If this reply helps you, Karma would be appreciated.

dersa
Path Finder

Thanks Rich!

0 Karma
Get Updates on the Splunk Community!

Splunk Decoded: Service Maps vs Service Analyzer Tree View vs Flow Maps

It’s Monday morning, and your phone is buzzing with alert escalations – your customer-facing portal is running ...

What’s New in Splunk Observability – September 2025

What's NewWe are excited to announce the latest enhancements to Splunk Observability, designed to help ITOps ...

Fun with Regular Expression - multiples of nine

Fun with Regular Expression - multiples of nineThis challenge was first posted on Slack #regex channel ...