Contractor Support: Splunk and Linux

• The Contractor shall maintain clustered Splunk infrastructure, including search head and index cluster, deployment server, deployer, license manager, heavy and universal forwarders, Distributed Management Console (DMC)
• The Contractor shall onboard new data sources, monitor the health of existing data feeds.
• The Contractor shall deploy and manage Splunk apps, including writing custom apps where needed.
• The Contractor shall design and implement data flow and accesses across different networks and system interfaces, for example between Splunk and AWS, or between Splunk and network devices.
• The Contractor shall perform routine maintenance tasks such as adding or deleting indexes, sizing volumes, adding data inputs, patching the OS and upgrading Spunk, automation of routine tasks.
• The Contractor shall troubleshoot data flow interruptions, data quality issues, performance issues.
• The Contractor shall collaborate with other functional teams such as network, storage, security to provide Splunk service where needed across entire customer network
• The Contractor shall document architecture, how-to guides, troubleshooting documents.
• The Contractor shall create dashboards to assist stakeholders with troubleshooting, managing data feeds status, and managing audit logs from applications.
• The Contractor shall collect information for reporting on hosted systems.

required skills and demonstrated experience

The Contractor shall have the following required skills, certifications and demonstrated experience:

• Demonstrated experience working with Splunk and Linux.
• Demonstrated experience understanding Splunk distributed architecture and data pipelines, with hands-on implementation.
• Demonstrated experience with Splunk client management and apps management.
• Demonstrated experience with integrating Splunk with various data sources such as syslog, flat files, databases, APIs, cloud platform logs, HEC endpoints.
• Demonstrated experience with Splunk SPL to create searches, reports, alerts, and dashboards.
• Demonstrated experience with Splunk conf files to manage inputs, props, transforms, and similar.
• Demonstrated experience with fluency with Linux OS (RHEL or Rocky 8) and Command Line Interface (CLI)
• Demonstrated experience with scripting languages such as Bash, Python.
• Demonstrated experience with powershell for task automation.
• Demonstrated experience with custom apps development.
• Demonstrated experience with Regular Expression.
• Demonstrated experience with AWS SDK and CLI to programmatically interface with AWS.

Highly Desired skills and demonstrated experience

Skills and demonstrated experiences that are highly desired but not required to perform the work include:

• N/A

Place of performance

The primary place of performance is at a Sponsor location in WMA.

Full Time Equivalent (FTE) Level

The maximum number of FTEs is 1 (one).  Actual FTE bid, labor category and skill level is at the discretion of the Contractor.
PERIOD OF PERFORMANCE (POP)
The estimated POP is 5 (five) years.

Transitioning Existing work or new Requirement

☒   New requirement
☐   Requirement being re-competed
☐   Requirement being transitioned from another contract

TRAVEL

Travel is anticipated for this contract:   ☐YES                     ☒NO
Travel is anticipated for this contract upon Sponsor approval for the following categories:
☐   Local travel/POV will be on an as needed basis, within the local place of performance.
☐   Temporary Duty (TDY) travel is anticipated within the Continental United States (CONUS).
☐   TDY travel is anticipated outside the Continental United States (OCONUS).