Security & the Enterprise
Much secured. So patch!

Splunk ES Content Management Enable All

mikefg
Communicator

Setting up a new ES install and looking at Content Management. It looks like there are a lot of Disabled items, mostly correlation search.

Are there any guidelines for which of these to enable?

Is enabling all of them a bad idea?

0 Karma
1 Solution

richgalloway
SplunkTrust
SplunkTrust

Yes, enabling them all is a bad idea.  That is why they are disabled by default.  One should enable the correlation searches that fit your data and Splunk use cases.

---
If this reply helps you, Karma would be appreciated.

View solution in original post

richgalloway
SplunkTrust
SplunkTrust

Yes, enabling them all is a bad idea.  That is why they are disabled by default.  One should enable the correlation searches that fit your data and Splunk use cases.

---
If this reply helps you, Karma would be appreciated.

mikefg
Communicator

Thank you for the clarification.

0 Karma
Get Updates on the Splunk Community!

Introducing Ingest Actions: Filter, Mask, Route, Repeat

WATCH NOW Ingest Actions (IA) is the best new way to easily filter, mask and route your data in Splunk® ...

Splunk Forwarders and Forced Time Based Load Balancing

Splunk customers use universal forwarders to collect and send data to Splunk. A universal forwarder can send ...

NEW! Log Views in Splunk Observability Dashboards Gives Context From a Single Page

Today, Splunk Observability releases log views, a new feature for users to add their logs data from Splunk Log ...