Splunk Data Admin
ITbility
- Splunk Data Admin
- Melbourne
- Contract - 6 + Months
We are looking for a hands-on Splunk Data Admin to join a team focused on strengthening.. Please email me at ***email_hidden*** for more information.
Key responsibilities
• 5–10 years' experience with Splunk administration and data onboarding (or equivalent depth).
• Strong practical knowledge of:
- CIM normalization, tags/eventtypes, datamodel alignment
- Field extraction (regex, JSON/KV extraction), and troubleshooting parsing issues
- props.conf / transforms.conf, sourcetypes, timestamps, line-breaking
- TA installation/configuration and deployment patterns across Splunk tiers
• Experience with complex Splunk architectures:
- Indexer clusters, SH/SHC, forwarder management, deployment server
- Hybrid patterns (on-prem + cloud), connectivity, and ingestion strategies
• Comfortable writing and validating SPL for data quality and CIM compliance.
• Strong log source knowledge across common domains:
- Security: EDR, firewall, proxy, IAM/auth, VPN, email security
- Infrastructure: Windows, Linux, network devices, virtualization
- Cloud: AWS/Azure/GCP logging patterns (nice-to-have)
Preferred / Nice-to-Have
• Experience with Splunk Enterprise Security (ES) and ES add-ons / CIM compliance expectations.
• Knowledge of Splunk Ingest Actions / Edge Processor (or modern ingestion tools, where applicable).
• Familiarity with:
- HEC, API ingestion, message queues
- ITSI / Observability (bonus)
• Splunk certifications (preferred):
- Splunk Core Certified Power User / Admin
- Splunk Enterprise Certified Admin
- Splunk ES Admin (bonus)
All candidates should have full working rights in Australia. Only shortlisted candidates will be contacted for this role.
To apply, please submit your resume ASAP for immediate consideration or email ***email_hidden***