Splunk Tech Talks
Deep-dives for technical practitioners.

7 Tips To Boost Performance of Your Splunk Enterprise Security Operations

Splunk Employee
Splunk Employee

View our Tech Talk: Security Edition,  7 Tips To Boost Performance of Your Splunk Enterprise Security Operations 

Sizing is difficult. Any miscalculations could prove time-consuming and expensive. As the volume of generated data inevitably grows, Enterprise Security deployments potentially face additional infrastructure costs to meet the increased demand. Before you bust out the checkbook, let’s determine if you have sufficient visibility into your ES deployment and ensure you are using all available resources. In this Tech Talk we will present seven tips—indexing scoping, scheduling skew, data model acceleration parallelization, verifying TAs, key performance indicators in the Monitoring Console, assets and identities optimization, and capacity planning—to boost search times and ES infrastructure scalability. No hardware left behind!

Tune in to learn how:

  • To optimize CPU and Memory usage to achieve considerable costs savings 
  • The built-in monitoring console and Enterprise Security auditing page can provide better visibility into how your SIEM is performing
  • To empower your team with bottleneck root cause analysis and performance tuning skills to scale your ES operations

Tech Talk discussions will be open for two weeks after the live Talk. To continue the conversation, follow the Splunk Answers tag of  Splunk Enterprise Security.