You will be responsible for ensuring accurate onboarding, parsing, normalization, and quality of log data across enterprise Splunk environments. This includes making data usable for security analytics, dashboards, correlation searches, and reporting.
Key Responsibilities
* End-to-end log source onboarding & CIM alignment
* Field extraction, parsing, enrichment & normalization
* Ensuring data quality, governance & operational stability
Must Have Skills
* 5–10 years Splunk Administration & Data Onboarding experience
* Strong hands‐on experience with CIM (Common Information Model) normalization
* Strong knowledge of props.conf, transforms.conf, inputs.conf
* Hands‐on experience with SPL for validation, troubleshooting & data quality checks
* Experience in TA deployment & configuration across Splunk tiers
* Working knowledge of Indexer Clusters, Search Head Clusters & Forwarders
* Strong understanding of Splunk ingestion pipelines & hybrid environments (on‐prem + cloud)
Good to Have
* Splunk Enterprise Security (ES) experience
* HEC / API‐based ingestion
* ITSI / Observability exposure
* Splunk Certifications (Admin / Power User / ES Admin)
#J-18808-Ljbffr