Splunk Enterprise Security

What are best practices to install Splunk & Splunk App for Enterprise Security on Windows or Linux?

splunk2015P
New Member

Hello,

I would like to know what are the steps to install and deploy Splunk & the Splunk App for Enterprise Security to avoid performance problems?

Any help please ?

Thanks

0 Karma

mdessus_splunk
Splunk Employee
Splunk Employee

Hello,

you should take care about:

  • Design your indexes to optimize the searches (do not mix huge proxy logs with small ids logs for ex.)
  • Policy retention in order to make sure that relevant data will be on fast disks
  • have multiple indexers than one big box
  • dedicate Search Head for ES (if others apps will be used)
  • tune datamodel acceleration based on your needs and data.
0 Karma
Get Updates on the Splunk Community!

Now Available: Cisco Talos Threat Intelligence Integrations for Splunk Security Cloud ...

At .conf24, we shared that we were in the process of integrating Cisco Talos threat intelligence into Splunk ...

Preparing your Splunk Environment for OpenSSL3

The Splunk platform will transition to OpenSSL version 3 in a future release. Actions are required to prepare ...

Easily Improve Agent Saturation with the Splunk Add-on for OpenTelemetry Collector

Agent Saturation What and Whys In application performance monitoring, saturation is defined as the total load ...