Splunk Enterprise Security

What are best practices to install Splunk & Splunk App for Enterprise Security on Windows or Linux?

New Member

Hello,

I would like to know what the steps are to install and deploy Splunk & the Splunk App for Enterprise Security to avoid performance problems.

Any help, please?

Thanks

0 Karma

Re: What are best practices to install Splunk & Splunk App for Enterprise Security on Windows or Linux?

Splunk Employee

Hello,

You should take care of:

  • Design your indexes to optimize the searches (do not mix huge proxy logs with small IDS logs, for example)
  • Retention policy, in order to make sure that relevant data will be on fast disks
  • Have multiple indexers rather than one big box
  • Dedicate a Search Head to ES (if other apps will be used)
  • Tune datamodel acceleration based on your needs and data.
0 Karma
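
The first two points of the answer above (separate indexes per data volume, and retention that keeps relevant data on fast disks), sketched as an `indexes.conf` fragment. This is an added example, not part of the original post and not Splunk's shipped configuration; the index names, volume paths, sizes and retention periods are assumptions chosen for illustration.

```ini
# indexes.conf -- constructed example; every name, path and number is an assumption.

# Fast storage (e.g. SSD) for hot/warm buckets, which most ES searches touch.
[volume:fast]
path = /data/fast/splunk
maxVolumeDataSizeMB = 500000

# Slower, cheaper storage for cold buckets.
[volume:slow]
path = /data/slow/splunk
maxVolumeDataSizeMB = 4000000

# High-volume proxy logs get their own index so they cannot
# push the smaller IDS data off fast disk or slow IDS searches.
[proxy]
homePath = volume:fast/proxy/db
coldPath = volume:slow/proxy/colddb
# thawedPath cannot reference a volume.
thawedPath = $SPLUNK_DB/proxy/thaweddb
# Larger buckets for an index that ingests a lot per day.
maxDataSize = auto_high_volume
# Cap the hot/warm footprint on fast disk; older buckets roll to cold.
homePath.maxDataSizeMB = 300000
# Freeze (delete or archive) after 90 days.
frozenTimePeriodInSecs = 7776000

# Low-volume IDS alerts: small footprint, so they can stay on
# fast disk for a long time and be retained longer overall.
[ids]
homePath = volume:fast/ids/db
coldPath = volume:slow/ids/colddb
thawedPath = $SPLUNK_DB/ids/thaweddb
homePath.maxDataSizeMB = 50000
# Freeze after 365 days.
frozenTimePeriodInSecs = 31536000
```

Comments sit on their own lines because Splunk `.conf` files treat a `#` after a value as part of the value.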