Splunk Architect Resume

SUMMARY

  • Splunk Developer, Admin, ITSI Admin and Power User certified professional with 11 years of experience in Splunk. Proficient in log aggregation and analysis techniques and enterprise SIEM configuration.
  • Good knowledge of the security and payment gateway domains.
  • Sound knowledge of Splunk and programming languages like Python, with working experience in AWS, S3, Java, JavaScript, HTML, CSS and XML.
  • Experience in setting up Splunk cluster for Enterprise and handling large clusters.
  • Experience in analyzing big data and reporting it to the leadership and technology teams to improve the processes.
  • Expert in analyzing data, correlating trends, building reports, alerts, configuring data models and summary indexing.
  • Experience in installation and maintenance of Splunk Universal Forwarders, solving forwarder issues and deploying apps through the Deployment Server.
  • Proficient in writing complex regular expressions and extracting fields using the interactive field extractor, rex and multikv commands.
  • Expert in Splunk search language - SPL.
  • Sound knowledge in SPL commands and experienced in writing custom commands in Splunk.
  • Experienced in configuring search head clusters, indexer clusters, syslog-ng and performance optimization.
  • Expert in writing Splunk configurations such as props.conf, transforms.conf, server.conf, inputs.conf, outputs.conf and savedsearches.conf.
  • Automation for maintaining code hygiene across multiple Splunk clusters in the enterprise and release management for Splunk.
  • Proficient in ensuring CIM compliance and managing knowledge objects.
  • Experience developing Splunk queries, dashboards and glass tables that present application performance, server resource utilization and capacity analysis.
  • Expert in installing and using the Splunk App for Unix and Linux (Splunk nix).
  • Experience configuring Splunk authentication, creating roles and handling user permissions.
  • Good experience in version control tools like GIT & SVN.
  • Automating preparation work for Splunk cluster upgrades.
  • Experience in configuring the ITSI app, entities, KPIs and metrics.
  • Experienced in ingesting data from various sources such as REST APIs, HTTP Event Collector, files, directories, syslog and Splunk DB Connect.
  • Working knowledge of UNIX shell scripting and Ansible.
  • Key team player with strong interpersonal and communication skills.
  • Experience in varied team projects, with good project implementation, teamwork, troubleshooting, presentation and issue resolution skills.

TECHNICAL SKILLS

  • WINDOWS
  • UNIX
  • SPLUNK
  • AWS
  • S3
  • Python
  • Java
  • HTML
  • XML
  • SPL
  • Elasticsearch
  • Logstash
  • Kibana
  • GitHub
  • Eclipse
  • SQL
  • PuTTY
  • JIRA
  • JSON
  • JavaScript
  • Jenkins
  • Ansible

PROFESSIONAL EXPERIENCE

Confidential

Splunk Architect

Responsibilities:

  • Set up Splunk clusters as required.
  • Set up the IT Service Intelligence app and configured services, entities and KPIs.
  • Automation for keeping roles and access configuration uniform across multiple Splunk clusters.
  • Ingest data into Splunk and ensure CIM compliance is maintained.
  • Onboard new log sources and configure parsing rules and the relevant stanzas in props.conf and transforms.conf.
  • Set up the Monitoring Console and maintain health check alerts.
  • Enable application owners to whitelist hosts for existing apps on the deployment servers.
  • Handle license warnings and troubleshoot license master and slave connectivity.
  • Configure the syslog server to receive data and write it to disk, and the Universal Forwarder to monitor the files written by the syslog server.
  • Troubleshoot remote S3 storage connectivity for the indexers and ensure monitoring is in place.
  • Resolve search head cluster bundle size issues and keep the bundle under the limit.
  • Interact with security teams and author correlation searches for cyber security monitoring.
  • Build glass tables for security and IT Operations.
  • Configure props.conf, transforms.conf for routing data based on the sourcetype or content in the events.
  • Create and configure Splunk apps and add-ons.
  • Find long running searches in the environment and optimize them to run efficiently.
  • Handle Splunk code release cycles and automate the deployment cycle across the clusters.
  • Troubleshoot issues and address users’ queries and tickets.

Environment: Splunk, S3, SVN, Ansible, Python, JavaScript, XML, JSON, PAC2000, JIRA, PuTTY, WinSCP, UNIX, Windows, Anaconda

Confidential

Senior Splunk Engineer

Responsibilities:

  • Onboard audit logs to Splunk and ensure CIM compliance.
  • Map the onboarded data to the relevant data models shipped with the CIM add-on.
  • Set up alerts for missing data from indexes, sourcetypes and hosts.
  • Troubleshoot missing data alerts and resolve them as a priority.
  • Resolve data ingestion latency issues from critical security applications and set up alerts to notify the team of such cases.
  • Onboard new log sources and configure parsing rules and the relevant stanzas in props.conf and transforms.conf.
  • Perform Splunk cluster upgrades with minimal downtime.
  • Handle license warnings and troubleshoot license master and slave connectivity.
  • Configure the syslog server to receive data and write it to disk, and the Universal Forwarder to monitor the files written by the syslog server.
  • Configure correlation searches and set up automated actions for specific notable events.
  • Act on and resolve cluster-related issues within the SLA.
  • Work closely with audit teams to write ad-hoc searches and generate reports as needed.
  • Review and approve or deny changes committed to Git by peers.
  • Handle Splunk releases and resolve any resulting issues.
  • Troubleshoot issues and address users' queries and tickets.

Environment: Splunk, Git, Ansible, Python, JavaScript, XML, JSON, ServiceNow, PuTTY, WinSCP, UNIX, Windows

Confidential

Senior Splunk Developer

Responsibilities:

  • Onboard logs into Splunk and ensure CIM compliance for the security logs.
  • Author inputs so that security logs are routed to one indexer cluster and application or operational logs to a different indexer cluster.
  • Parse the logs with no or minimal errors and warnings.
  • Set up alerts for missing data from indexes, sourcetypes and hosts.
  • Handle orphaned data forwarded to Splunk without a valid index, to prevent queue sizes from growing.
  • Install, set up and manage Splunk add-ons to benefit from their parsing rules and prebuilt knowledge objects for security data.
  • Address issues with universal forwarders where CPU and memory utilization are high.
  • Onboard new log sources and configure parsing rules and the relevant stanzas in props.conf and transforms.conf.
  • Handle Splunk releases in the organization and review performance after each release.
  • Perform field extractions at both index time and search time, depending on the complexity and frequency of use of the extracted information.
  • Configure macros, field aliases, event types and tags for better utilization of the onboarded data.
  • Perform Splunk-ServiceNow integration to enable creating ServiceNow tickets from Splunk as both a workflow action and an alert action.
  • Set up scripts to automate FTP delivery of reports and to fetch updated CSV files as lookups.

Environment: Splunk, Git, Shell Script, Python, JavaScript, XML, JSON, ServiceNow, PuTTY, WinSCP, UNIX, Windows

Confidential

Assistant Manager

Responsibilities:

  • Extract information from the logs in the form of fields.
  • Configure macros, tags and event types.
  • Onboard data from databases using Splunk's DB Connect app.
  • Build dashboards and configure scheduled reports and relevant alerts for management and developers.
  • Make dashboards load faster through the use of base searches and drilldowns.
  • Manage user access, granting access to apps and indexes only on a need-to-know basis.
  • Enable summary indexing of frequently searched data and use the summarized data in dashboards.
  • Accelerate business-critical reports that are visible to management for better performance.
  • Provide ad-hoc reports as CSVs to management and business teams.
  • Predict the likely traffic on the portal for the next three months.

Environment: Splunk, Shell Script, Python, JavaScript, XML, JSON, Remedy, PuTTY, WinSCP, UNIX, Windows, Microsoft SQL Server 2014

Confidential

Splunk SIEM Admin

Responsibilities:

  • Gather requirements and communicate with stakeholders.
  • Onboard data from application servers, appliances and databases.
  • Install and set up Splunk add-ons to ensure correct parsing and field extractions.
  • Configure alerts and develop search queries, reports and dashboards.
  • Build dashboards and configure scheduled reports and relevant alerts for management and developers.
  • Conduct forensic investigations into incidents that occur in the organization.
  • Manage authorize.conf and authentication.conf to provide users role-based access.
  • Correlate web traffic to understand bandwidth utilization and plan accordingly.
  • Build dashboards to present employees' time punching and time-in-office metrics.
  • Enable visualizations by installing Splunk apps and the Splunk Dashboard Examples app.
  • Troubleshoot issues.

Environment: Splunk, Shell Script, Python, JavaScript, XML, JSON, ServiceNow, PuTTY, WinSCP, UNIX, Windows

Confidential

Lead Splunk Developer

Responsibilities:

  • Gather and analyze requirements.
  • Write search queries to create reports and dashboards and to configure alerts.
  • Develop and configure custom search commands.
  • Build interactive dashboards using Python's Django framework.
  • Integrate third-party JavaScript libraries such as D3.js to create new visualizations that are not shipped with Splunk.
  • Implement change requests raised by customers.
  • Troubleshoot issues.

Environment: Splunk, Shell Script, Python, JavaScript, XML, JSON, ServiceNow, PuTTY, WinSCP, UNIX, Windows, IBM DB2

Confidential

Splunk Engineer

Responsibilities:

  • Gather and analyze requirements.
  • Test the application against all the provided test cases.
  • Record the behavior of the application and advise the application developers on what information to capture in the logs.
  • Parse the logs in Java and store them in a database.
  • Implement a Splunk POC and compare its efficiency at handling logs with that of a traditional database-backed web application.
  • Create suitable visualizations to depict the logs.

Environment: Splunk, Java, JavaScript, XML, JSON, Remedy, PuTTY, WinSCP, UNIX, Windows, Oracle DB