Skip to main content


Splunk Lantern

Getting started with ES


This guide is designed to help you get started with Splunk Enterprise Security or to make improvements on your configuration to ensure you receive maximum value from the platform.

For information on installing or upgrading Splunk Enterprise Security, see the following Splunk Docs topics:

This Splunk Enterprise Security app is highly configurable, which helps you be effective in the fast-changing domain of Cyber Security. Because of that, it is highly recommended that installation and initial configuration is handled by Professional Services. If you are a cloud customer the installation is automated, but Professional Services are still recommended to assist with the configuration, including getting data in. 

After you have the application installed, the basic steps are the following. Click through this guide to learn more.

  1. Start sending your security-related data to Splunk using Common Information Model (CIM) compatible Technology Add-ons (TAs). These can be found on Splunkbase
  2. Validate data using the Common Information Model validation app.
  3. Start to configure assets and identities.
  4. Enable notable events to drive the use case (start with 2-3 high-impact use cases and get them understood and tuned).