I'm new to Splunk Enterprise Security but we do have Splunk to monitor and alert on our application logs.
Are there white papers about how to implement and scale an existing implementation?
1) What logs can you monitor with the Enterprise Security app?
2) With switches, routers, etc. sitting remotely do you recommend having a Splunk instance running on the remote location and using the Standalone Splunk instance to forward it to centralized indexers?
Hey @rchan11, For your first question:
You can learn more about the Splunk ES use cases by reading through the documentation here: http://docs.splunk.com/Documentation/ES/4.7.2/User/Domaindashboards and following relevant links.
There are also white papers and product briefs on this page: https://www.splunk.com/en_us/products/premium-solutions/splunk-enterprise-security.html
There is a virtual course available if you have a budget for that: https://www.splunk.com/view/SP-CAAAGCS