Splunk Admin/developer Resume
VA
PROFESSIONAL SUMMARY:
- Splunk Certified User with 4+ years of experience in the Information Technology field, with strong experience as a Splunk Developer/Admin and with Enterprise Security (ES).
- Strong experience with Splunk 5.x and 6.x product, distributed Splunk architecture and components including search heads, indexes and forwarders.
- Experience in Operational Intelligence using Splunk.
- Headed Proof-of-Concepts (POC) on Splunk ES implementation, mentored and guided other team members on understanding the use case of Splunk.
- Expertise in customizing Splunk for Monitoring, Application Management and Security as per customer requirements and industry best practice.
- Expertise in Installation, Configuration, Migration, Trouble-Shooting and Maintenance of Splunk, Passionate about Machine data and operational Intelligence.
- Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.
- Expert in installing and configuring Splunk forwarders on Linux, Unix and Windows.
- Expert in installing and using Splunk apps for UNIX and Linux (Splunk *nix).
- Knowledge of configuration files in Splunk (props.conf, transforms.conf, outputs.conf).
- Worked on large datasets to generate insights by using Splunk.
- Production error monitoring and root cause analysis using Splunk.
- Install, configure and administer Splunk Cloud Environment 6.5.0 and Splunk Forwarder 6.x.x on Windows Servers.
- Supported Splunk Cloud with 3 Indexers, 120 forwarders and Generated 300 Gb of data per day.
- Involved in standardizing SPLUNK forwarder deployment, configuration and maintenance across Windows Servers
- Configured inputs.conf and outputs.conf to pull the XML based events to SPLUNK Cloud Indexer.
- Debug Splunk related and integration issues.
- Installed Splunk on *nix & Splunk SOS and maintained Splunk instance for monitoring the health of the clusters.
- Integrate Splunk Web console with Splunk Mobile App using Mobile Access Server add-on.
- Build, customize and deploy Splunk apps as per internal customers
- Splunk UI experience and able to debug expensive search queries.
- Configured Clusters for load balancing and fail over solutions.
- Implemented a Log Viewer Dashboard as a replacement for an existing tool to view logs across multiple applications hosted on a PaaS setup.
- Create Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards.
- Ability to provide engineering expertise and assistance to the Splunk user community. Advanced Splunk Search Processing Language (SPL) skills.
- Extensively used the extract keyword and search commands like stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table, etc.
- Good knowledge about Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-ons, Dashboards, Clustering and Forwarder Management.
- Created and Managed Splunk DB connect Identities, Database Connections, Database Inputs, Outputs, lookups, access controls.
- IPV6/IPV4 routing, sub-netting, and networking routing technologies
- Timechart attributes such as span and bins; tags, event types, scheduled searches, and inline search vs. scheduled search in a dashboard.
- Designed, developed and implemented multi-tiered Splunk log collection solutions.
- Installed, configured and administered JBoss Application server 5.0, 7.0 in various environments.
- Installed, configured and administered Web Servers like Apache 2.x HTTP Server, Apache Tomcat 6.x, Sun One 6.x Web Server and Microsoft IIS Server for WebLogic plug-ins.
- Strong experience with web/application servers like Apache Tomcat, Jetty, JBoss, IBM WebSphere, WebLogic.
- Strong experience using SQL, PL/SQL Procedures/Functions, Triggers and Packages.
- Creating accurate reports, Dashboards, Visualizations, Elasticsearch and Pivot tables for the business users.
TECHNICAL SKILLS:
Splunk: Splunk 5.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect 2, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Web Framework
Operating Systems: Windows 2000, XP, Win 10, Windows Server, Unix/Linux (Red Hat), FreeBSD
Data Analysis: Requirement Analysis, Business Analysis, detail design, data flow diagrams, data definition table, Business Rules, data modeling, Data Warehousing, system integration
Databases: Oracle 11g/10g/9i/8i, MS SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL
Web Technologies: HTML, DHTML, JavaScript, XML, XSL, XSLT, REST, SOAP
Web/App Servers: Apache Tomcat 6.0, WebLogic 8.1/9.2, WebSphere 6.0
Concepts: SDLC, Object Oriented Analysis and Design, Unified Modeling Language (UML), Assembly and System Level Testing, exposure in Agile.
Programming Language: C, C++, Java with Big Data, Python, UNIX shell scripts
PROFESSIONAL EXPERIENCE:
Confidential, VA
Splunk Admin/Developer
Responsibilities:
- Developed Splunk infrastructure and related solutions as per automation toolsets.
- Experience in Splunk GUI development creating Splunk apps, searches, Data models, dashboards, and Reports using the Splunk query language.
- Provide regular support guidance to Splunk project teams on complex solution and issue resolution.
- Responsible for documenting the current architectural configurations and detailed data flow and troubleshooting guides for application support.
- Involved as a Splunk Admin in capturing, analyzing and monitoring front end and middleware applications.
- Worked with Client engagements and data onboarding and writing alerts, dashboards using the Search Processing Language (SPL).
- Analyzed security based events, risks and reporting instances.
- As part of SIEM, monitored notable events through Splunk Enterprise Security (Using V3.0).
- Generated shell scripts to install Splunk Forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf files.
- Onboard new log sources with log analysis and parsing to enable SIEM correlation.
- Configuration of inputs.conf and outputs.conf to pull the XML based events to Splunk Cloud indexer.
- Various types of charts and alert settings; knowledge of app creation, user and role access permissions.
- Creating and managing app, create user, role, permissions to knowledge objects.
- Created Compliance dashboard for HP-NA and Compliance with Network Devices.
- Created Compliance Security Baseline and Vulnerability Assessment dashboard for IBM Guardium Security for Database Server and Database Instances.
- Creating Vulnerability Assessment dashboard using Rapid7, Joval that aggregates data across multiple services to identify critical threats and proactively mitigate risks.
- Parsing, indexing and searching concepts; hot, warm, cold and frozen bucketing; and Splunk clustering.
- Setup and configuration of search head cluster with three search head nodes and managing the search head cluster with deployer.
- Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
- Provide regular support guidance to SPLUNK project teams on complex solution and issue resolution with the objective of ensuring best fit and high quality.
- Interact with the data warehousing team regarding extracting the data and suggest the standard data format such that Splunk will identify most of the fields.
- Analyzed large datasets to identify metrics, drivers, performance gaps and opportunities for improvement.
- Worked on setting up Splunk to capture and analyze data from various layers Load Balancers, Webservers and application servers.
- Write automation scripts for APIs, Unit and functional test cases using Selenium WebDriver.
- Write automation scripts for REST API's using TestNG and Java.
- Worked on DB Connect configuration for r, MySQL and MSSQL.
- Splunk DB Connect 2.0 in search head cluster environments of Oracle, MySQL
- Designed and implemented a NoSQL based database and associated RESTful web service that persists high-volume user profile data for vertical teams.
- Scripted SQL queries in accordance with Splunk.
- Created many of the proof-of-concept dashboards for IT operations, and service owners which are used to monitor application and server health.
- Created Dashboards, report, scheduled searches and alerts.
- Create dashboard from search, scheduled searches and Inline search vs scheduled search in a dashboard.
- Field extraction using IFX, the rex command and regex in configuration files.
- Splunk administering in environments like Windows Servers, Red Hat Linux Enterprise Servers.
Environment: SPLUNK 6.3.1, Linux, UNIX, Oracle 11g, MS SQL Server 2012, SQL, Joval, Rapid7, Bluecoat, IBM QRadar, IBM Guardium, VMF, Tripwire, Resilient, ServiceNow (ITAM)
Confidential, New Jersey
Splunk Admin/Developer
Responsibilities:
- Performed Splunk administration tasks such as installing, configuring, monitoring and tuning.
- Install and maintain Splunk add-ons, including DB Connect 1 and Active Directory LDAP, for working with directory and SQL databases.
- Installed and configured Splunk DB Connect in Single and distributed server environments.
- Configure the add-on app SSO Integration for user authentication and Single Sign-on in Splunk Web.
- Automating in Splunk using Perl with ServiceNow for event triggering.
- Deployed Splunk updates and license distribution over multiple servers using a deployment server.
- Create Dashboard Views, Reports and Alerts for events and configure alert mail.
- Monitor the Splunk infrastructure for capacity planning and optimization
- Server monitoring using tools like Splunk, SolarWinds Orion, HP BSM and HP OpenView.
- Integrated ServiceNow with Splunk to generate the Incidents from Splunk.
- Active monitoring of jobs through alert tools and responding with certain action logs; analyzing the logs and escalating critical issues to high-level teams.
- Configured and administered Tomcat JDBC, JMS and JNDI services.
- Configured Node manager to remotely administer Managed servers
- Experience in handling network resources and protocols such as TCP/IP, Ethernet, DNS
- Splunk configuration that involves different web application and batch, create Saved search and summary search, summary indexes.
- Splunk search construction with ability to create well-structured search queries that minimize performance impact.
- Scaling up ELK (Elasticsearch/Logstash/Kibana) to index 90G a day of raw data (tested as an open-source alternative to Splunk).
- Monitored the database (data tables and error tables), WebLogic error log files and application error log files to track and fix bugs.
- Ensuring that the application website is up and available to the users.
- Continuous monitoring of the alerts received through mails to check if all the application servers and web servers are up.
- Worked on DB Connect configuration for Oracle, MySQL and MSSQL.
- Supporting migration from Splunk On Premise data center to Amazon AWS
- Launching, Configuring, Supporting large scale instances on AWS
- Monitored Database Connection Health by using Splunk DB connect health dashboards.
- Created Crontab scripts for timely running jobs.
- Developed build scripts, UNIX shell scripts and auto deployment processes.
- Good experience in creating Splunk apps, navigations, interfaces and good experience on Splunk lookups, macros, Pivot, data models, lookup files and their publication into Splunk.
- Experience in using and understanding complex RegEx (regular expressions).
- Remedy administration, support and development with ITSM 7.x.
Environment: Splunk 6.x, Splunk Enterprise and Splunk modules, WebLogic server 8.x/9.x/10.x/11g, Tomcat 6.0, IBM HTTP Server, Microsoft IIS 7.0, Apache 2.x, Solaris 10, Windows 2008, Oracle 11g/10g, Mercury 7, HP SiteScope, web services, LDAP, Oracle Access Manager, MongoDB, JDK 1.7, SOA Suite 11g, Wily Introscope 8.x, JSP, EJBs, JMS, HTML, XML, JRUN, SSL, JDBC, JMS, JNDI