10+ Years || Splunk Administrator || Remote

Dear Vendors,

I hope this email finds you well.

Position: Splunk Administrator
Location: Remote

Client: HCL

Duration: Long Term

Job description:

1. Splunk Infrastructure Management:

·         Monitor and optimize the performance of Splunk clusters to ensure efficient data processing and search capabilities.

·         Troubleshoot and resolve issues related to Splunk infrastructure, ensuring high availability and reliability.

·         Experience in Splunk Cloud Infrastructure.

2. Data Ingestion and Parsing:

·         Design and implement data ingestion strategies for various log sources into Splunk.

·         Develop and maintain parsing configurations to normalize and enrich incoming data for effective analysis.

·         Collaborate with application owners and IT teams to onboard new data sources into Splunk.

3. Search and Reporting:

·         Create and optimize search queries and reports to extract valuable insights from the indexed data.

·         Customize and implement Splunk dashboards for different stakeholders to visualize key performance indicators and security metrics.

4. Security and Compliance:

·         Implement security best practices within Splunk to safeguard sensitive data.

·         Collaborate with the security team to configure and monitor alerts for suspicious activities or security incidents.

·         Ensure compliance with industry regulations and internal policies related to log management and data retention.

5. Automation and Scripting:

·         Develop automation scripts using SPL (Search Processing Language) and other scripting languages to streamline administrative tasks.

·         Continuously seek opportunities to improve efficiency through automation in Splunk processes.

6. Documentation and Training:

·         Maintain thorough documentation of Splunk configurations, processes, and troubleshooting procedures.

Provide training and support to other IT team members on Splunk best practices and usage