It depends on what your needs are.
Our needs are that we want to onboard security relevant logs from Linux OS and looking for some standard Linux auditing recommendations or just what Splunk suggests. Just like how Microsoft has provided for Windows OS like https://docs.microsoft.com/en-us/windows-server/identity/ad-ds/plan/security-best-practices/audit-po...