- Hands-on experience in the design and implementation of Splunk architecture.
- Experience in Linux and Windows administration.
- Able to perform data onboarding and field extraction according to Splunk best practices.
- Able to produce Splunk guides and Splunk operation documents.
- Able to setup forwarders and onboard new data sources into the environment.
- Able to troubleshoot and identify Splunk issues relating to performance and searches.
- Able to fine-tune Splunk use cases (rules) and optimize search performance.
- Able to create new dashboards to enhance the visualization of the data and create Splunk use cases for alerts/reports.
- Knowledge of index segregation and user restriction setup.
- Knowledge of using Splunk Enterprise Security.
- Able to map data to the Common Information Model (CIM) for Enterprise Security.
- Good communication skills and able to understand requirements.