Splunk Specialist - Migration to Elasticsearch (Kubernetes Environment)

Splunk Specialist - Migration to Elasticsearch (Kubernetes Environment)

Project Context:

Our customer is undertaking a major migration initiative from Splunk to an Elasticsearch-based solution (ELK Stack) deployed on Kubernetes. This role is critical to design, plan, and lead the migration efforts while also supporting current Splunk operations.

Key Responsibilities:

• Lead the end-to-end migration of log data, dashboards, alerts, saved searches, and configurations from Splunk to Elasticsearch.
• Assess and document the current Splunk setup - ingestion pipelines, dashboards, alerting rules, data models, etc.
• Design a detailed migration roadmap, including milestones, risk assessments, and fallback plans.
• Collaborate with Elastic/Elasticsearch platform teams to implement equivalent observability tooling (eg, Watcher, Kibana dashboards).
• Act as the primary Splunk SME supporting the customer's existing team of two during the transition.
• Post-migration, support and troubleshoot any issues related to the new ELK setup on Kubernetes.

Must-Have Experience:

• 6-8 years of experience in daily Splunk administration, operations, and architecture in a production environment.
• Proven experience leading or executing a migration from Splunk to Elasticsearch, including dashboard and alert conversion.
• Strong understanding of Splunk architecture, including indexers, search heads, forwarders, and data models.
• Working knowledge of ELK Stack (Elasticsearch, Logstash, Kibana) in production settings.
• Familiarity with Kubernetes and container-based deployment models.
• Strong Scripting ability (Python, Bash/Shell) for automation of tasks.
• Excellent communication and documentation skills - must be able to interact with technical and business stakeholders.

Nice to Have:

• Splunk Certifications (eg, Splunk Certified Admin/Architect)
• Experience with Bicep, Terraform, or Ansible
• Familiarity with Elastic Observability solutions (eg, Elastic APM, Elastic Security)

Engagement Model:

• Full-time, Hybrid role- based in Birmingham.