Tag: Splunk Admin

Splunk Overview on User roles

Posted on by HQW

Splunk user roles decide what the user can see, do, interact with Splunk with the access. Three General roles are mentioned below:

    1. Administrator: role is the powerful role in the list of roles; – install app- ingest data- create knowledge objects for all users
    2. Power User: create and share knowledge objects for users of an app and do real time searches. – this is in general people get to create alert and dashboards.
    3. User role – can see only their own knowledge objects and those shared with them.

Each Organization has a config on having the types of user roles based on the hierarchy, billing, usage and may not be same across!

Splunk Specialist – List of Roles and Responsibilities

Posted on by HQW

Splunk Specialist with good IT infrastructure skills, in multi-platform environments, ideally familiar with Linux. There are several innovative projects in Splunk, and various companies are looking for qualified administrators with Splunk experience and/or certification.

Main responsibilities:

  • Participated in all Splunk company initiatives, both internal projects and customer mandates.
  • Install and configure the necessary components to collect data from DB, log files, API, etc. to Splunk.
  • Install, configure, administer Splunk Enterprise on Windows and Linux.
  • Support Splunk updates.
  • Monitor and identify performance issues.
  • Perform data onboarding in Splunk: data collection, filtering, and transformation (source types, inputs, transforms, etc.);
  • Build use cases: advanced SPL, dashboards, reports, alerts, etc.
  • Always continue to develop product knowledge and act as a product expert.
  • Document best practices.

Qualifications required:

  • Integrating data from various sources (DB, log files, APIs, etc.) into Splunk (on prem or cloud);
  • Experience in CIM modeling in Splunk.
  • Experience in managing indexes and knowledge objects in Splunk.
  • Experience working with cloud offerings such as Azure or AWS.
  • Knowledge of basic security concepts.
  • Experience in access management (RBAC model) in Splunk.
  • Valuable experience in AIX, Linux (RedHat, CentOS) systems administration (permissions management, security (including TLS/SSL), debugging, etc.);
  • Exceptionally good experience in Splunk user support and training.
  • Good knowledge of system virtualization.
  • Good knowledge of server infrastructure.
  • Knowledge of storage, operating systems and networking.
  • Knowledge of Splunk Enterprise Security is an asset.