I'm new to Splunk Enterprise Security but we do have Splunk to monitor and alert on our application logs.
Are there white papers about how to implement and scale an existing implementation?
1) What logs can you monitor with the Enterprise Security app?
2) With switches, routers, etc. sitting remotely do you recommend having a Splunk instance running on the remote location and using the Standalone Splunk instance to forward it to centralized indexers?