Splunk® App for PCI Compliance

Installation and Configuration Manual

This documentation does not apply to the most recent version of Splunk® App for PCI Compliance. For documentation on the most recent version, go to the latest release.

Configure and deploy indexes

implements custom indexes for event storage. The indexes are defined across the apps provided with .

  • In a single instance deployment, the installation of Enterprise Security creates the indexes in the default path for data storage.
  • In a Splunk Cloud deployment, customers work with Splunk Support to set up, manage, and maintain their cloud index parameters. See Manage Splunk Cloud indexes in the Splunk Cloud User Manual.
  • In a distributed deployment, create the indexes on all Splunk platform indexers or search peers.

Index configuration

The indexes defined in do not provide configuration settings to address:

  • Multiple storage paths
  • Accelerated data models
  • Data retention
  • Bucket sizing
  • Use of volume parameters.

For detailed examples of configuring indexes, see indexes.conf.example in the Splunk Enterprise Admin Manual.

Indexes by app

App context Index Description
DA-ESS-ThreatIntelligence ioc Unused in this release.
threat_activity Contains events that result from a threat list match.
SA-EndpointProtection endpoint_summary Endpoint protection summary index.
SA-ThreatIntelligence notable Contains the notable events.
notable_summary Contains a stats summary of notable events used on select dashboards.
risk Contains the risk modifier events.
SA-NetworkProtection whois WHOIS data index.
Splunk_SA_CIM cim_summary Unused in this release.
cim_modactions Contains the adaptive response action events.
Splunk_SA_ExtremeSearch xtreme_contexts Contains the contexts for Extreme search.

Add-ons can include custom indexes defined in an indexes.conf file.

Index deployment

includes a tool to gather the indexes.conf and index-time props.conf and transforms.conf settings from all enabled apps and add-ons on the search head and assemble them into one add-on. For more details, see Determine which add-ons to deploy on indexers in this manual.

Last modified on 19 November, 2019
Customize the menu bar in   Configure users and roles

This documentation applies to the following versions of Splunk® App for PCI Compliance: 3.3.0, 3.3.1, 3.3.2, 3.3.3, 3.4.0, 3.4.1, 3.4.2, 3.5.0, 3.6.0, 3.6.1, 3.7.0, 3.7.1, 3.7.2, 3.8.0, 3.8.1

Acrobat logo Download manual
Acrobat logo Download this page

Was this topic useful?







You must be logged into splunk.com in order to post comments. Log in now.

Please try to keep this discussion focused on the content covered in this documentation topic. If you have a more general question about Splunk functionality or are experiencing a difficulty with Splunk, consider posting a question to Splunkbase Answers.

0 out of 1000 Characters