In this session, we explore solutions to some of the more common challenges our users may face when deploying Splunk Enterprise Security (ES). We look at a range of issues experienced in the real world, and how to best identify and address them as they arise. You’ll learn how to troubleshoot correlation rules, identify events in your data models, as well as determine important metrics for indicating high performance within your environment.
Watch this .conf18 session to learn:
- The fundamentals of Splunk Enterprise Security
- How and where to increase performance
- How to tune correlation rules and under-the-hood infrastructure