Deployment Architecture

• Deploy Splunk Enterprise in a distributed architecture
• Configure indexers, search heads and forwarders
• Implement clustering for Indexer and SH Cluster

Log Source Onboarding

• Configure Universal Forwarders
• Configure Heavy Forwarders
• Create data inputs for syslog, API, and cloud integrations
• Set up index creation and retention policy configuration
• Perform field extraction, sourcetype validation, and parsing

Detection Use Case Engineering

• Develop SPL‑based detection queries
• Create correlation searches in ES
• Implement Risk‑Based Alerting (RBA)
• Fine‑tune alerts to reduce false positives
• Conduct use‑case gap analysis

Log Validation Troubleshooting

• Validate the ingestion pipeline for Forwarder, Indexer and Search Head
• Troubleshoot parsing, indexing and timestamp issues <...