Splunk Administrator

We are seeking a Splunk Administrator to monitor Splunk infrastructure, logs & dashboards for anomalies, and respond to alerts & incidents. The successful candidate will have strong hands-on experience with Splunk core, Linux, networking & cloud platforms, and familiarity with ITIL process.

Requirements

• Monitor Splunk infrastructure, logs & dashboards for anomalies.
• Respond to alerts & incidents as part of business support.
• Perform initial triage, escalate to L3 when required.
• Work on incident resolution within defined SLA’s.
• Document the RCA for major incidents.
• Ensure high availability & reliability of Splunk environments (indexers, SHs, forwarders, etc.).
• Perform routine health checks & system audits.
• Handle Splunk configuration changes (inputs.conf, outputs.conf, props.conf, etc.).
• Manage users' access & roles.
• Identifying & resolving performance bottlenecks in indexing & searching.
• Monitor ingestion rates, indexing latency, data missing & storage usage.
• Work on daily deployments to create, update, and delete the Splunk apps, add-ons & configuration in a controlled manner.
• Maintain & validate data onboarding process with BSA, BAs, etc.
• Using scripts (bash, Python, etc.) to automate routine tasks.
• Work with CI/CD pipelines for Splunk deployments.
• Integrate Splunk with tools like ServiceNow, AWS, git, Jenkins, etc.