Splunk Subject Matter Expert In Security Engineering Team Resume
Naperville, IL
SUMMARY:
- Overall 10+ years of experience in the Information Technology field, with strong 5-year experience as a Splunk Developer/Admin, including Enterprise Security (ES).
- Strong experience with the Splunk 5.x and 6.x product, distributed Splunk architecture and components including search heads, indexers and forwarders.
- Experience in Operational Intelligence using Splunk.
- Headed Proof-of-Concepts (POC) on Splunk ES implementation; mentored and guided other team members on understanding the use case of Splunk.
- Expertise in customizing Splunk for Monitoring, Application Management and Security as per customer requirements and industry best practice.
- Expertise in installation, configuration, migration, troubleshooting and maintenance of Splunk. Passionate about machine data and operational intelligence.
- Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.
- Expert in installing and configuring Splunk forwarders on Linux, Unix and Windows.
- Expert in installing and using Splunk apps for UNIX and Linux (Splunk *nix).
- Knowledge of configuration files in Splunk (props.conf, transforms.conf, outputs.conf).
- Worked on large datasets to generate insights by using Splunk.
- Production error monitoring and root cause analysis using Splunk.
- Install, configure and administer Splunk Cloud Environment 6.5.0 and Splunk Forwarder 6.x.x on Windows Servers.
- Supported Splunk Cloud with 4 indexers and 80 forwarders, generating 700 GB of data per day.
- Involved in standardizing Splunk forwarder deployment, configuration and maintenance across Windows Servers.
- Configured inputs.conf and outputs.conf to pull XML-based events to the Splunk Cloud indexer.
- Debug Splunk related and integration issues.
- Installed Splunk on *nix and Splunk SOS (Splunk on Splunk), and maintained the Splunk instance for monitoring the health of the clusters.
- Integrated the Splunk Web console with the Splunk Mobile App using the Mobile Access Server add-on.
- Built, customized and deployed Splunk apps as per internal customers' requirements.
- Splunk UI experience and able to debug expensive search queries.
- Configured Clusters for load balancing and fail over solutions.
- Implemented a Log Viewer Dashboard as a replacement for an existing tool to view logs across multiple applications hosted on a PaaS setup.
- Create Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards.
- Ability to provide engineering expertise and assistance to the Splunk user community. Advanced Splunk Search Processing Language (SPL) skills.
- Extensively used various extraction keywords and search commands such as stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table, etc.
- Good knowledge of Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-ons, Dashboards, Clustering and Forwarder Management.
- Created and Managed Splunk DB connect Identities, Database Connections, Database Inputs, Outputs, lookups, access controls.
- IPv6/IPv4 routing, subnetting and network routing technologies.
- Timechart attributes such as span and bins; tags, event types, scheduled searches, and inline search vs. scheduled search in a dashboard.
- Designed, developed and implemented multi-tiered Splunk log collection solutions.
- Installed, configured and administered JBoss Application server 5.0, 7.0 in various environments.
- Installed, configured and administered Web Servers like Apache 2.x HTTP Server, Apache Tomcat 6.x, Sun One 6.x Web Server and Microsoft IIS Server for WebLogic plug-ins.
- Strong experience with web/application servers like Apache Tomcat, Jetty, JBoss, IBM WebSphere, WebLogic.
- Strong experience using SQL, PL/SQL Procedures/Functions, Triggers and Packages.
- Creating accurate reports, dashboards, visualizations, Elasticsearch and pivot tables for the business users.
- Well versed with the Dynatrace monitoring tool. Expert in application monitoring architecture and UE analytics. Experience in configuration and infrastructure support of monitoring, alerting and reporting tools through the Dynatrace interface.
TECHNICAL SKILLS:
Splunk: Splunk 5.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect 2, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Web Framework
Operating Systems: Windows 2000, XP, Win 10, Windows Server, Unix/Linux (Red Hat), FreeBSD
Data Analysis: Requirement Analysis, Business Analysis, detail design, data flow diagrams, data definition table, Business Rules, data modeling, Data Warehousing, system integration
RDBMS: Oracle 11g/10g/9i/8i, MS-SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL
Web Technologies: HTML, DHTML, JavaScript, XML, XSL, XSLT, REST, SOAP
Web/App Servers: Apache Tomcat 6.0, WebLogic 8.1/9.2, WebSphere 6.0
Concepts: SDLC, Object Oriented Analysis and Design, Unified Modeling Language (UML), Assembly and System Level Testing, exposure in Agile.
Programming Language: C, C++, Java with Big Data, Python, UNIX shell scripts
Security / Vulnerability Tools: Snort, Wireshark, Websense, Bluecoat, Palo Alto, Checkpoint, Symantec, Qualys Vulnerability Manager, FireEye HX, Sophos, Sourcefire
Monitoring Tools: Netcool, Dynatrace, Tealeaf
PROFESSIONAL EXPERIENCE:
Confidential, Naperville, IL
Splunk Subject Matter Expert in Security Engineering Team
Responsibilities:
- Developed Splunk infrastructure and related solutions as per automation toolsets.
- Experience in Splunk GUI development creating Splunk apps, searches, Data models, dashboards, and Reports using the Splunk query language.
- Provided regular support guidance to Splunk project teams on complex solutions and issue resolution.
- Responsible for documenting the current architectural configurations and detailed data flow and troubleshooting guides for application support.
- Involved as a Splunk Admin in capturing, analyzing and monitoring front-end and middleware applications.
- Worked on client engagements, data onboarding, and writing alerts and dashboards using the Search Processing Language (SPL).
- Analyzed security-based events, risks and reporting instances.
- As part of SIEM, monitored notable events through Splunk Enterprise Security (using v3.0).
- Generated shell scripts to install Splunk forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf.
- Onboard new log sources with log analysis and parsing to enable SIEM correlation.
- Configuration of inputs.conf and outputs.conf to pull XML-based events to the Splunk Cloud indexer.
- Various types of charts and alert settings; knowledge of app creation and user and role access permissions.
- Creating and managing apps; creating users, roles and permissions for knowledge objects.
- Created Compliance dashboard for HP-NA and Compliance with Network Devices.
- Created Compliance Security Baseline and Vulnerability Assessment dashboard for IBM Guardium Security for Database Server and Database Instances.
- Creating Vulnerability Assessment dashboard using Rapid7, Joval that aggregates data across multiple services to identify critical threats and proactively mitigate risks.
- Parsing, indexing and searching concepts; hot, warm, cold and frozen bucketing; and Splunk clustering.
- Setup and configuration of search head cluster with three search head nodes and managing the search head cluster with deployer.
- Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
- Provided regular support guidance to Splunk project teams on complex solutions and issue resolution, with the objective of ensuring best fit and high quality.
- Interact with the data warehousing team regarding extracting the data and suggest the standard data format such that Splunk will identify most of the fields.
- Analyzed large datasets to identify metrics, drivers, performance gaps and opportunities for improvement.
- Worked on setting up Splunk to capture and analyze data from various layers: load balancers, web servers and application servers.
- Write automation scripts for APIs, Unit and functional test cases using Selenium WebDriver.
- Write automation scripts for REST APIs using TestNG and Java.
- Worked on DB Connect configuration for r, MySQL and MSSQL.
- Splunk DB Connect 2.0 in search head cluster environments with Oracle and MySQL.
- Designed and implemented a NoSQL based database and associated RESTful web service that persists high-volume user profile data for vertical teams.
- Scripted SQL queries for use with Splunk.
- Created many of the proof-of-concept dashboards for IT operations and service owners, which are used to monitor application and server health.
- Created dashboards, reports, scheduled searches and alerts.
- Created dashboards from searches and scheduled searches, including inline search vs. scheduled search in a dashboard.
- Field extraction using IFX, the rex command and regex in configuration files.
- Splunk administration in environments such as Windows Servers and Red Hat Enterprise Linux servers.
Environment: Splunk 6.3.1, Linux, UNIX, Oracle 11g, MS SQL Server 2012, SQL, Joval, Rapid7, Bluecoat, IBM QRadar, IBM Guardium, VMF, Tripwire, Resilient, ServiceNow (ITAM)
Confidential, TX
Splunk Admin/Developer
Responsibilities:
- Performed Splunk administration tasks such as installing, configuring, monitoring and tuning.
- Installed and maintained Splunk add-ons including DB Connect 1 and Active Directory LDAP for working with directory and SQL databases.
- Installed and configured Splunk DB Connect in Single and distributed server environments.
- Configure the add-on app SSO Integration for user authentication and Single Sign-on in Splunk Web.
- Automation in Splunk using Perl with ServiceNow for event triggering.
- Deployed Splunk updates and license distribution over multiple servers using a deployment server.
- Create Dashboard Views, Reports and Alerts for events and configure alert mail.
- Monitored the Splunk infrastructure for capacity planning and optimization.
- Server monitoring using tools like Splunk, SolarWinds Orion, HP BSM and HP OpenView.
- Integrated ServiceNow with Splunk to generate the Incidents from Splunk.
- Active monitoring of jobs through alert tools, responding with the appropriate actions, analyzing the logs and escalating to higher-level teams on critical issues.
- Configured and administered Tomcat JDBC, JMS and JNDI services.
- Configured Node Manager to remotely administer Managed Servers.
- Experience in handling network resources and protocols such as TCP/IP, Ethernet and DNS.
- Splunk configuration involving different web applications and batch jobs; creating saved searches, summary searches and summary indexes.
- Splunk search construction with the ability to create well-structured search queries that minimize performance impact.
- Scaling up ELK (Elasticsearch/Logstash/Kibana) to index 90 GB a day of raw data (tested as an open source alternative to Splunk).
- Monitored the database (data tables and error tables), WebLogic error log files and application error log files to track and fix bugs.
- Ensuring that the application website is up and available to the users.
- Continuous monitoring of the alerts received through mails to check if all the application servers and web servers are up.
- Worked on DB Connect configuration for Oracle, MySQL and MSSQL.
- Supporting migration from the Splunk on-premise data center to Amazon AWS.
- Launching, configuring and supporting large-scale instances on AWS.
- Monitored Database Connection Health by using Splunk DB connect health dashboards.
- Created Crontab scripts for timely running jobs.
- Developed build scripts, UNIX shell scripts and auto deployment processes.
- Good experience in creating Splunk apps, navigation and interfaces, and good experience with Splunk lookups, macros, Pivot, data models, lookup files and their publication into Splunk.
- Experience in using and understanding complex RegEx (regular expressions).
- Remedy administration, support and development with ITSM 7.x.
Environment: Splunk 6.x, Splunk Enterprise and Splunk modules, WebLogic Server 8.x/9.x/10.x/11g, Tomcat 6.0, IBM HTTP Server, Microsoft IIS 7.0, Apache 2.x, Solaris 10, Windows 2008, Oracle 11g/10g, Mercury 7, HP SiteScope, web services, LDAP, Oracle Access Manager, MongoDB, JDK 1.7, SOA Suite 11g, Wily Introscope 8.x, JSP, EJBs, JMS, HTML, XML, JRun, SSL, JDBC, JNDI
Confidential, PA
Splunk Admin
Responsibilities:
- Implemented forwarder configuration, search heads and indexing.
- Created dashboards, reports, scheduled searches and alerts.
- Resolved configuration-based issues in coordination with infrastructure support teams.
- Creating Vulnerability dashboard that aggregates data across multiple services to identify critical threats and proactively mitigate risks.
- Prepared, arranged and tested Splunk search strings and operational strings.
- Analyzed security-based events, risks and reporting instances.
- Developing custom web application solutions for internal ticket metrics reporting.
- Provided regular support guidance to Splunk project teams on complex solutions and issue resolution, with the objective of ensuring best fit and high quality.
- Interact with the data warehousing team regarding extracting the data and suggest the standard data format such that Splunk will identify most of the fields.
- Onboard new log sources with log analysis and parsing to enable SIEM correlation.
- Subject matter expert in best practices, security protocols, PKI, and other security-related issues.
- Worked on large datasets to generate insights and communicate insights to guide strategic roadmap.
- Created many of the proof-of-concept dashboards for IT operations and service owners, which are used to monitor application and server health.
- Installation, patch upgrades, deployment, monitoring, tuning and configuration of WebLogic Application Server in a multi-cluster/server environment.
- Performed field extraction using IFX in an event action.
- Involved in setting up alerts for different types of errors.
- Involved in interacting with business owners, developers and business analysts in improving the application.
- Gained in-depth knowledge of Ant builds and WebSphere servers.
- Involved in handling various incidents and requests related to the application.
- Involved in monitoring the ticketing tool and taking the ownership of the tickets.
- Worked on various defects analysis and fixed them.
- Worked closely with business partners in addressing their queries.
Environment: Splunk 6.0.1, Linux, UNIX, Oracle 11g, MS SQL Server 2012, SQL, Cassandra with Spark and Flume
Confidential, San Francisco, CA
BI Pentaho Developer
Responsibilities:
- Extensively worked with business users in gathering requirements, actively cataloging and supporting various issues and providing their solutions.
- Responsible for coding SSIS processes to import data into the Data Warehouse from Excel Spreadsheet, Flat Files and OLEDB Sources.
- Used a wide range of steps in Pentaho transformations, including Row Normalizer, Row Denormalizer, Database Lookup, Database Join, Calculator, Add Sequence and Add Constants, and various types of inputs and outputs for data sources including Tables, Access, Text File, Excel and CSV files.
- Participated in the design of staging databases and Data Warehouse/Data Mart databases using Star Schema/Snowflake Schema in data modeling.
- Troubleshoot BI tool problems and provide technical support as needed. Perform other tasks as assigned.
- Worked very closely with Project Manager to understand the requirement of reporting solutions to be built.
- Gathered business requirement by understanding business Processes and needs.
- Installed and Configured Pentaho BI Suite 4.2 & 4.4 along with Enterprise Repository in Pentaho BI server.
- Used Pentaho Import Export utility to Migrate Pentaho Transformations and Job from one environment to others.
- Used different types of input and output steps for various data sources including Tables, Access, Text File, Excel and CSV files.
- Configured Pentaho BI Server for report deployment by creating database connections in Pentaho Enterprise Console for central usage by the reports deployed in the repository.
- Logic with Database Lookup table to maintain Parent-Child relationships and hierarchy.
- Used Pentaho Design Studio for creating custom parameters as well as generating reports.
- Used Pentaho Report designer to create various reports having drill down functionality by creating Groups in the reports and drill through functionality by creating sub-reports within the main reports.
- Automated file transfer processes and mail notifications by using the FTP Task and Send Mail task in transformations.
- Applied configuration, logging and error reporting to all transformations and jobs to make deployment easy and to troubleshoot packages at run time.
- Used Pentaho Enterprise Console (PEC) to monitor the ETL Jobs/Transformation on Production Database.
- Resolved connectivity issues on different servers by using the kettle.properties file and setting up variables for each DB connection.
- Performed Data cleansing by creating tables to eliminate the dirty data using SSIS.
- Involved in performing incremental loads while transferring data from OLTP to the data warehouse using different data flow and control flow tasks in SSIS.
- Responsible for creating database objects such as tables, views, stored procedures, triggers and functions using T-SQL to provide structure to store data and to maintain the database efficiently.
- Extensively used joins and subqueries to simplify complex queries involving multiple tables.
- Optimized the performance of queries by modifying T-SQL queries, removing unnecessary columns, eliminating redundant and inconsistent data, normalizing tables, establishing joins and creating clustered and non-clustered indexes whenever necessary.
Environment: Oracle 11g/10g, Pentaho Data Integration Spoon 4.4.0/4.2.0/4.1.2, Oracle Toad 11.5/10.6, PL/SQL, Pentaho Enterprise Console