Splunk Enterprise Security
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Questions about getting started with Splunk Enterprise Security

rchan11
Explorer
‎09-14-2017 01:23 PM

Hi,

I'm new to Splunk Enterprise Security but we do have Splunk to monitor and alert on our application logs.

Are there white papers about how to implement and scale an existing implementation?

1) What logs can you monitor with the Enterprise Security app?
2) With switches, routers, etc. sitting remotely do you recommend having a Splunk instance running on the remote location and using the Standalone Splunk instance to forward it to centralized indexers?

Thanks,
Ryan

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

ChrisG
Splunk Employee
Splunk Employee
‎09-14-2017 02:45 PM

There is deployment and scaling information in the Installation Manual, see Deployment planning.

You should also definitely read the Data source planning topic.

There are also use cases and a correlation search tutorial, in addition to the dashboard information that lfedak pointed out.

View solution in original post

Reply
Solved! Jump to solution
Solution

ChrisG
Splunk Employee
Splunk Employee
‎09-14-2017 02:45 PM

There is deployment and scaling information in the Installation Manual, see Deployment planning.

You should also definitely read the Data source planning topic.

There are also use cases and a correlation search tutorial, in addition to the dashboard information that lfedak pointed out.

Reply
Solved! Jump to solution

lfedak_splunk
Splunk Employee
Splunk Employee
‎09-14-2017 01:48 PM

Hey @rchan11, For your first question:
You can learn more about the Splunk ES use cases by reading through the documentation here: http://docs.splunk.com/Documentation/ES/4.7.2/User/Domaindashboards and following relevant links.
There are also white papers and product briefs on this page: https://www.splunk.com/en_us/products/premium-solutions/splunk-enterprise-security.html
There is a virtual course available if you have a budget for that: https://www.splunk.com/view/SP-CAAAGCS

0 Karma
Reply
Solved! Jump to solution

ChrisG
Splunk Employee
Splunk Employee
‎09-14-2017 02:46 PM

Here is the correct link to the Enterprise Security course description: https://www.splunk.com/view/SP-CAAAGCS

0 Karma
Reply
Get Updates on the Splunk Community!

Cloud Platform & Enterprise: Classic Dashboard Export Feature Deprecation

As of Splunk Cloud Platform 9.3.2408 and Splunk Enterprise 9.4, classic dashboard export features are now ...

Explore the Latest Educational Offerings from Splunk (November Releases)

At Splunk Education, we are committed to providing a robust learning experience for all users, regardless of ...

New This Month in Splunk Observability Cloud - Metrics Usage Analytics, Enhanced K8s ...

The latest enhancements across the Splunk Observability portfolio deliver greater flexibility, better data and ...