Splunk Overview on User roles

Splunk roles determine what a user can see and do, and how they can interact with Splunk.

    • Admin: the most powerful role in the list of roles. It can:
      • install apps
      • ingest data
      • create knowledge objects for all users
    • Power: can create and share knowledge objects for the users of an app and run real-time searches.
      • In general, this is the role given to people who create alerts and dashboards.
    • User: can see only their own knowledge objects and those shared with them.

Each organization configures its own set of user roles based on hierarchy, billing and usage, so the roles may not be the same across organizations!
Note: Splunk Enterprise roles vary a bit from Splunk Cloud roles, which include a few more cloud-specific roles.
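
Because each organization defines its own roles, and a role can inherit from another through importRoles in authorize.conf, a custom role can end up with admin-level access without it being obvious from its own stanza. The following Python audit is an added example, not part of the original page: it resolves inheritance and reports roles that hold admin-level capabilities. The sample configuration, the custom role names (soc_analyst, app_owner) and the choice of which capabilities count as admin-level are assumptions.

```python
import configparser

# Constructed sample authorize.conf; soc_analyst and app_owner are hypothetical roles.
SAMPLE = """
[role_user]
search = enabled
srchIndexesAllowed = main
[role_power]
importRoles = user
rtsearch = enabled
schedule_search = enabled
[role_admin]
importRoles = power;user
admin_all_objects = enabled
install_apps = enabled
edit_monitor = enabled
[role_soc_analyst]
importRoles = power
srchIndexesAllowed = security
[role_app_owner]
importRoles = admin
"""

# Assumption: capabilities treated as admin-level for this audit, mapped to
# the admin abilities listed above (all-user objects, app install, inputs).
ADMIN_LEVEL = {"admin_all_objects", "install_apps", "edit_monitor"}

def load_roles(text):
    cp = configparser.ConfigParser(interpolation=None, strict=False)
    cp.optionxform = str  # keep setting names such as importRoles case-sensitive
    cp.read_string(text)
    return {s[5:]: dict(cp[s]) for s in cp.sections() if s.startswith("role_")}

def effective_capabilities(roles, name, seen=None):
    """Capabilities a role holds itself plus everything inherited via importRoles."""
    seen = set() if seen is None else seen
    if name in seen or name not in roles:  # cycle or undefined parent
        return set()
    seen.add(name)
    caps = {k for k, v in roles[name].items() if v.strip().lower() == "enabled"}
    for parent in roles[name].get("importRoles", "").split(";"):
        caps |= effective_capabilities(roles, parent.strip(), seen)
    return caps

def audit(text, expected_admins=("admin",)):
    """Return {role: [admin-level capabilities]} for roles not expected to have them."""
    roles = load_roles(text)
    hits = {r: sorted(effective_capabilities(roles, r) & ADMIN_LEVEL) for r in roles}
    return {r: c for r, c in hits.items() if c and r not in expected_admins}
```

On a real deployment, feed `audit()` the merged configuration (for example the output of `splunk btool authorize list`) rather than a single file, since role stanzas can be layered across apps.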

 

Splunk Specialist – List of Roles and Responsibilities

Splunk Specialist with good IT infrastructure skills, in multi-platform environments, ideally familiar with Linux. There are several innovative projects in Splunk, and various companies are looking for qualified administrators with Splunk experience and/or certification.

Main responsibilities:

  • Participate in all Splunk company initiatives, both internal projects and customer mandates.
  • Install and configure the necessary components to collect data from DB, log files, API, etc. to Splunk.
  • Install, configure, administer Splunk Enterprise on Windows and Linux.
  • Support Splunk updates.
  • Monitor and identify performance issues.
  • Perform data onboarding in Splunk: data collection, filtering, and transformation (source types, inputs, transforms, etc.).
  • Build use cases: advanced SPL, dashboards, reports, alerts, etc.
  • Always continue to develop product knowledge and act as a product expert.
  • Document best practices.

Qualifications required:

  • Integrating data from various sources (DB, log files, APIs, etc.) into Splunk (on-prem or cloud).
  • Experience in CIM modeling in Splunk.
  • Experience in managing indexes and knowledge objects in Splunk.
  • Experience working with cloud offerings such as Azure or AWS.
  • Knowledge of basic security concepts.
  • Experience in access management (RBAC model) in Splunk.
  • Valuable experience in AIX, Linux (RedHat, CentOS) systems administration (permissions management, security (including TLS/SSL), debugging, etc.).
  • Exceptionally good experience in Splunk user support and training.
  • Good knowledge of system virtualization.
  • Good knowledge of server infrastructure.
  • Knowledge of storage, operating systems and networking.
  • Knowledge of Splunk Enterprise Security is an asset.