Vacancy expired!
- Onboard applications into Splunk for SIEM use
- Discover the application's logging capabilities and requirements from stakeholders: which logs it produces, data types, formats, and the security use cases the data must support.
- Analyze data sources to determine the best method for ingesting data into Splunk, such as Splunk forwarders, API integration, or custom scripts, and which index the data should land in.
- Implement and configure Splunk apps, add-ons, or plugins specific to the application being onboarded.
- Configure the forwarder or log file collector to collect the logs from the application and forward them to the Splunk platform.
- Create a data input in Splunk: once the logs are being forwarded, define the source, sourcetype (format) and destination index of the log data.
- Develop parsing rules (field extractions) to pull the relevant values out of the logs into Splunk fields.
- Map extracted fields to CIM (Common Information Model) fields so the data works with CIM-based data models, searches and apps.
- Test data ingestion pipelines and search performance in a Dev environment, prior to rolling into production.
- Document onboarding process, including search queries, dashboard creation, and alert types.
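As an added example (not part of the posting), the configuration set the steps above produce for one hypothetical application, "acme-portal", whose access log writes one key=value event per line as in the constructed sample in the comments. The forwarder stanza, index-time parsing, search-time field extraction, CIM Authentication mapping and the Dev verification searches are all shown; every path, sourcetype, index and field name is an assumption for illustration.

```ini
# --- Universal Forwarder on the application host:
#     $SPLUNK_HOME/etc/apps/acme_portal_inputs/local/inputs.conf
# Hypothetical app "acme-portal" writes one event per line (constructed sample):
#   2024-05-02T10:15:32 INFO user=alice src=10.1.2.3 action=login status=success
[monitor:///var/log/acme-portal/access.log]
sourcetype = acme:portal:access
index = app_acme
disabled = 0

# --- Indexers or heavy forwarder (first full Splunk instance the data hits):
#     props.conf, index-time settings. These have no effect on a Universal Forwarder.
[acme:portal:access]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TIME_PREFIX = ^
TIME_FORMAT = %Y-%m-%dT%H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 19
TZ = UTC
TRUNCATE = 10000

# --- Search head: props.conf, search-time settings for the same sourcetype.
[acme:portal:access]
# Field extraction. The app's own action=login|logout|... is captured as
# portal_action so it does not collide with the CIM field "action", whose
# values in the Authentication data model must be success or failure.
EXTRACT-acme_portal = ^\S+\s+(?<log_level>\w+)\s+user=(?<user>\S+)\s+src=(?<src>\S+)\s+action=(?<portal_action>\w+)\s+status=(?<portal_status>\w+)
# CIM Authentication mapping: action, app, dest, signature (user and src
# already carry CIM names from the extraction above).
EVAL-action = case(portal_status=="success", "success", portal_status=="failure", "failure", true(), "unknown")
EVAL-app = "acme-portal"
EVAL-dest = host
FIELDALIAS-acme_portal_cim = portal_action AS signature

# --- Search head: eventtypes.conf
# Only login events belong in the Authentication data model.
[acme_portal_authentication]
search = sourcetype=acme:portal:access portal_action=login

# --- Search head: tags.conf
[eventtype=acme_portal_authentication]
authentication = enabled

# --- Verification searches to run in Dev before promoting to production:
#   index=app_acme | stats count by sourcetype
#       (every event must carry acme:portal:access; anything else means the
#        inputs.conf stanza did not apply)
#   index=app_acme sourcetype=acme:portal:access | table _time _raw | head 5
#       (_time must match the timestamp in _raw; a wrong TIME_FORMAT silently
#        falls back to index time)
#   index=app_acme sourcetype=acme:portal:access | stats count by action user src signature
#   | datamodel Authentication Authentication search
#   | search sourcetype=acme:portal:access | head 5
#       (confirms the eventtype/tag pair pulls the events into the CIM model)
```

Index-time settings (line breaking, timestamps) only take effect on the indexers or a heavy forwarder, while EXTRACT, EVAL, FIELDALIAS, eventtypes and tags are evaluated on the search head, so the same sourcetype stanza is deployed in two places; checking `_time` against `_raw` in Dev catches the most common silent failure, a timestamp format that never matched.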