Splunk Enterprise Security

What are best practices to install Splunk & Splunk App for Enterprise Security on Windows or Linux?

splunk2015P
New Member

Hello,

I would like to know what are the steps to install and deploy Splunk & the Splunk App for Enterprise Security to avoid performance problems?

Any help please ?

Thanks

0 Karma

mdessus_splunk
Splunk Employee
Splunk Employee

Hello,

you should take care about:

  • Design your indexes to optimize the searches (do not mix huge proxy logs with small ids logs for ex.)
  • Policy retention in order to make sure that relevant data will be on fast disks
  • have multiple indexers than one big box
  • dedicate Search Head for ES (if others apps will be used)
  • tune datamodel acceleration based on your needs and data.
0 Karma
Get Updates on the Splunk Community!

.conf24 | Day 0

Hello Splunk Community! My name is Chris, and I'm based in Canberra, Australia's capital, and I travelled for ...

Enhance Security Visibility with Splunk Enterprise Security 7.1 through Threat ...

 (view in My Videos)Struggling with alert fatigue, lack of context, and prioritization around security ...

Troubleshooting the OpenTelemetry Collector

  In this tech talk, you’ll learn how to troubleshoot the OpenTelemetry collector - from checking the ...