• Design, implement, and operate the Splunk environment. • Monitor overall Splunk health through the Monitoring Console (DMC) including indexer, search head, and cluster master status. • Track indexing rates, license usage, queue health, and search concurrency to identify performance or ingestion issues early. • Monitor CPU, memory, and disk utilization across all Splunk components to ensure optimal resource usage. • Respond promptly to health alerts, DMC warnings, or anomalies observed on monitoring dashboards. • Investigate and resolve common user-reported issues such as access problems, failed searches, or non-triggering alerts. • Troubleshoot data ingestion, parsing, and indexing issues across Universal Forwarders, Heavy Forwarders, and HEC endpoints. • Investigate missing or duplicate logs, timestamp errors, or sourcetype misassignments and escalate complex parsing issues to Engineering. • Validate new data source onboardings by confirming sourcetype assignment, timestamp accuracy, and field extraction integrity. • Support data source owners with forwarder deployment, syslog setup, and connectivity troubleshooting during initial onboarding. • Maintain data flow visibility from source → forwarder → indexer to confirm data completeness and performance. • Rotate and update credentials, API keys, or tokens used in data inputs, integrations, alerts, and scheduled searches. • Manage RBAC user and role mappings, handling access requests, entitlement reviews, and permission troubleshooting. • Provide end-user assistance with SPL searches, reports, alerts, and dashboards, including query optimization tips. • Maintain and update knowledge base articles, SOPs, and FAQs for repeatable issues and troubleshooting steps. • Log and escalate platform or parsing issues to the Engineering team with evidence such as logs, screenshots, and correlation IDs. • Open and manage Splunk Support cases for platform-level bugs, license problems, or critical system faults. • Monitor and manage ITSI service health, including KPIs, correlation searches, NEAP policies, and summary index latency. • Troubleshoot ITSI-related issues such as broken KPIs, delayed episodes, or missing notable events. • Perform capacity management by monitoring index growth, bucket rotation, and frozen data retention policies. • Conduct periodic system maintenance tasks, including orphaned object cleanup and knowledge object review. • Verify and maintain compliance with data governance and retention policies, ensuring secure and auditable configurations. • Participate in DR testing and validation to ensure Splunk data recovery and HA configurations are functioning as expected. • Document incidents, RCA findings, and preventive actions for future reference. • Collaborate closely with the Engineering team for escalations, root-cause investigations, and deployment verifications.