Splunk Data Administrator

Position- Splunk Data Administrator

Exp- 5+yrs

Skill- data onboarding, CIM normalization, tags/eventtypes, datamodel alignment

Job Type- Contract

Locations- Melbourne

JD-

• 5–10 years experience with Splunk administration and data onboarding (or equivalent depth).

• Strong practical knowledge of:

- CIM normalization, tags/event types, datamodel alignment

- Field extraction (regex, JSON/KV extraction), and troubleshooting parsing issues

- props.conf / transforms.conf, sourcetypes, timestamps, line-breaking

- TA installation/configuration and deployment patterns across Splunk tiers

• Experience with complex Splunk architectures:

- Indexer clusters, SH/SHC, forwarder management, deployment server

- Hybrid patterns (on-prem + cloud), connectivity, and ingestion strategies

• Comfortable writing and validating SPL for data quality and CIM compliance.

• Strong log source knowledge across common domains:

- Security: EDR, firewall, proxy, IAM/auth, VPN, email security

- Infrastructure: Windows, Linux, network devices, virtualization

- Cloud: AWS/Azure/GCP logging patterns (nice-to-have)

Interested candidates can share their updated resumes on ***email_hidden*** OR reach out to me on +61 2 90559939