
Configure search in Splunk SOAR (Cloud)
Splunk SOAR (Cloud) uses an embedded, preconfigured version of Splunk Enterprise as its native search engine. Your organization might want to use a different Splunk Enterprise deployment with Splunk SOAR (Cloud) or use an external Elasticsearch instance.
Configure Splunk SOAR (Cloud) to use an external Splunk Enterprise or Splunk Cloud instance for search
This table summarizes the available options for configuring a Splunk Enterprise or Splunk Cloud instance for search in Splunk SOAR (Cloud).
Search Option | Description |
---|---|
Embedded Splunk Enterprise Instance | This is the default. No additional configuration is required. |
External Standalone Splunk Enterprise Instance | Use this option to connect your Splunk SOAR (Cloud) instance to a single, external instance of Splunk Enterprise or Splunk Cloud. |
External Distributed Splunk Enterprise Instance | Use this option to connect your Splunk SOAR (Cloud) instance to a Splunk Enterprise or Splunk Cloud deployment that contains one or more search heads, or one or more indexers. |
Integrating with Splunk Cloud requires the following additional information and actions:
- You must use a public certificate from a verified or trusted certificate authority (CA).
- You must contact Splunk Customer Support for assistance with Splunk Cloud integration. You will need to provide the path to your certificate and your CA.
- You must enable certificate verification on your assets.
Reindex data to make newly added information searchable
In some situations, data coming in to Splunk SOAR (Cloud) can't be indexed, and therefore can't be searched. You can reindex information sections to make this information searchable. See Reindex data to make newly added information searchable in the Splunk Phantom Remote Search manual.
This documentation applies to the following versions of Splunk® SOAR (Cloud): current