Security & the Enterprise
Much secured. So patch!

Splunk ES Content Management Enable All

mikefg
Path Finder

Setting up a new ES install and looking at Content Management. It looks like there are a lot of Disabled items, mostly correlation search.

Are there any guidelines for which of these to enable?

Is enabling all of them a bad idea?

0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Yes, enabling them all is a bad idea.  That is why they are disabled by default.  One should enable the correlation searches that fit your data and Splunk use cases.

---
If this reply helps you, an upvote would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

Yes, enabling them all is a bad idea.  That is why they are disabled by default.  One should enable the correlation searches that fit your data and Splunk use cases.

---
If this reply helps you, an upvote would be appreciated.

mikefg
Path Finder

Thank you for the clarification.

0 Karma
Get Updates on the Splunk Community!

Improve Your Security Posture

Watch NowImprove Your Security PostureCustomers are at the center of everything we do at Splunk and security ...

Maximize the Value from Microsoft Defender with Splunk

 Watch NowJoin Splunk and Sens Consulting for this Security Edition Tech TalkWho should attend:  Security ...

This Week's Community Digest - Splunk Community Happenings [6.27.22]

Get the latest news and updates from the Splunk Community here! News From Splunk Answers ✍️ Splunk Answers is ...