- Developing Application and Administrator.
- Work with onsite Splunk developers to deliver Splunk dashboards, reports and alerts Configuration in Splunk.
- Creating Reports and scheduling it and knowledge on constructing Splunk friendly regex expressions and optimising Splunk search queries.
- Filter and route events using Splunk forwarder.
- Configuration (indexes.conf, props.conf, transforms.conf, output.conf, inputs.conf, servers.conf).
- Installation and setup Splunk DB Connect App (Identifier, connecter) in Heavy Forwarder.
- Troubleshoot Splunk server and agent problems and issues.
- Configured the Deployment server with server class for various applications along with its repository folders.
- Creating Security applications data inputs into Splunk using Splunk integration methods FTP, DB Connect, UF and Http Event Collector.
- Created schedule alerts and ran using cron expressions with specific time ranges.
- Preparing Inventory, Assessment and Splunk AIG Documents.
- Installation HIDS and DAM agents in Production Environment.
- Involved in handling various Incident and Change request related to the application.
- Involved in installing and using Splunk app for windows and UNIX.
- Communicates directly application owners to collect required application data points (Login/Logout, Audit/History, ID Management, Profile Management).
Requirements:
Good Knowledge on Splunk Architecture, Administration and its Components.
- Hands on experience in writing SPL queries.
- In depth experience with Splunk Knowledge objects, (Saved Searches, tags, eventtypes, Macros, Lookups).
- Experience on Splunk Enterprise Deployments and enabled continuous integration on as part of
- Good Knowledge on Parsing, Indexing, Searching concepts Hot, Warm, Cold, Frozen bucketing.
- Experience in UNIX Operating System and Shell Script Writing.
- Good knowledge about Splunk index Cluster and Search Head Cluster environment.
- Good Experience in creating Data Models and Devops experience