· Hands-on experience in the design and implementation of Splunk architecture.
· Experience in Linux and Windows administration.
· Able to perform data onboarding and field extraction according to Splunk best practices.
· Able to provide a Splunk guide and a Splunk operation document.
· Able to set up forwarders and onboard new data sources into the environment.
· Able to troubleshoot and identify Splunk issues relating to performance and searches.
· Able to fine-tune Splunk use cases (rules) and optimize search performance.
· Able to create new dashboards to enhance the visualization of the data and create Splunk use cases for alerts/reports.
· Knowledge of index segregation and user restriction setup.
· Knowledge of using Splunk Enterprise Security.
· Able to work with the Common Information Model (CIM) for Enterprise Security.
· Good communication skills and able to understand the requirements.