Splunk Admin

Provide end-to-end technical oversight across all aspects of Splunk technology, including add-ons and knowledge objects, correlation searches, CIM Monitor and maintain Splunk performance, availability, and capacity Support large-scale deployments with data feeds from multiple tier deployment on premise data centers Manage all Splunk Premium apps such as ITSI, Splunk ES, Splunk UBA and predictive analysis use cases. Release & Patch Upgradation of Splunk UBA on Various Servers Versed in Splunk Knowledge objects, Saved Searches, Reports/Alerts Development. Manage data onboarding flow Inputs(inputs.conf), Parsing (Props & transforms), Indexin (indexes.conf) and Searching (Props & transforms) Create data summary creations (Summary Index, Report acceleration and Data model acceleration), extensively used most of knowledge objects & components in Splunk, implemented best practices in platform Maintain regulatory awareness and compliance Platform upgrades with ~150 Apps installed in the platform, which also require updates. Identifying badly written queries and fine tune them to consume less server resources and modifying data models, Knowledge objects etc. Develop Ansible playbooks to work on automation use cases Manage Hec / Rsyslog / syslog Ng / net-SNMP (version 3) / Db connects Support development of scripts (python, JavaScript, etc.) as needed in support of data collection or integration Manage AWS/Azure platforms (Needs to create EC2 instance and integrate all types (cloud watch, description, kinesis) of logs into Splunk)