Which of the following is part of tuning correlation searches for a new ES installation?

Configuring the correlation notable event index is a critical part of tuning correlation searches in a new Splunk Enterprise Security (ES) installation. This process ensures that notable events generated from correlation searches are properly stored and indexed for further analysis and action. By establishing an appropriate index for these events, users can differentiate them from standard log data, making it easier to manage and investigate security incidents.

When tuning correlation searches, it’s vital to have a designated index where notable events can be quickly retrieved and analyzed. This helps in maintaining performance and ensures that security analysts have immediate access to relevant events, which enhances incident response capabilities. Additionally, configuring this index provides a way to optimize storage and performance based on the organization's specific needs.

The other options, while relevant to the overall functionality of Splunk ES, do not directly pertain to the initial and critical setup needed for correlation searches in the way that configuring the correlation notable event index does. This makes it foundational knowledge for any new ES deployment.
