Purpose:
The Splunk Engineer will be responsible for data onboarding, CIM mapping, and cluster management.
Key Role Responsibilities:
1. Design and implement monitoring solutions for new and existing systems, utilising Splunk and/or other monitoring tools such as Elasticsearch, aligned to client standard patterns. Contribute to the creation of new monitoring patterns where required.
2. Data onboarding: requirements gathering, design, implementation, and testing to onboard new data sources to Splunk via Universal Forwarders, HTTP Event Collector, APIs, syslog, etc.
3. Map data to Splunk CIM, to meet stakeholder and data governance requirements.
4. Deploy and configure Splunk premium add-ons (Enterprise Security and ITSI).
5. Provide level 2 technical support. Assist with level 3 incident and problem investigations, service risks and issues for Splunk Enterprise, Splunk Enterprise Security and Splunk ITSI.
6. Performance optimisation: optimise existing and new search queries and dashboards to improve performance. Optimise platform design and configuration to enhance performance and architecture.
Skills and Experience:
7. Strong knowledge of Splunk architecture, administration, and custom development (Splunk certified admin / architect / developer or equivalent experience) across Splunk Enterprise, Splunk Enterprise Security and Splunk ITSI.
8. Experience administering and/or developing for an enterprise level implementation of Splunk (clustered architecture).
9. Proficient in Splunk query language (SPL) and experienced in developing and supporting custom.