We have ES installed and we managed to map a couple of our indexes to the proper data models (using the tags), which we accelerated, and then the corresponding dashboards show data and it does look impressive ;-)
So, we started the process. Now I wonder what we need to do to fully enable ES here.
I would recommend you begin with the ES training on using and administering it. ES is a platform application; there is no simple list of steps.
https://www.splunk.com/en_us/training/courses/using-splunk-enterprise-security.html
https://www.splunk.com/en_us/training/courses/administering-splunk-enterprise-security.html
Thank you @starcher.
The docs on ES are also good. Skimming them is helpful: https://docs.splunk.com/Documentation/ES/5.3.0/Admin/Formatassetoridentitylist
Thank you!!