PROFESSIONAL SUMMARY:

• Splunk Certified User with over 4+ years of experience in Information Technology field with strong experience as Splunk Developer/Admin, Enterprise Security ES.
• Strong experience with Splunk 5.x and 6.x product, distributed Splunk architecture and components including search heads, indexes and forwarders.
• Experience in Operational Intelligence using Splunk.
• Headed Proof - of-Concepts (POC) on Splunk ES implementation, mentored and guided other team members on Understanding the use case of Splunk.
• Expertise in customizing Splunk for Monitoring, Application Management and Security as per customer requirements and industry best practice.
• Expertise in Installation, Configuration, Migration, Trouble-Shooting and Maintenance of Splunk, Passionate about Machine data and operational Intelligence.
• Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.
• Expert in installing and configuring Splunk forwarders on Linux, Unix and Windows.
• Expert in installing and using Splunk apps for UNIX and Linux (Splunk nix)
• Knowledge on Configuration files in Splunk (props.conf, Transforms.conf, Output.confg)
• Worked on large datasets to generate insights by using Splunk.
• Production error monitoring and root cause analysis using Splunk.
• Install, configure and administer Splunk Cloud Environment 6.5.0 and Splunk Forwarder 6.x.x on Windows Servers.
• Supported Splunk Cloud with 3 Indexers, 120 forwarders and Generated 300 Gb of data per day.
• Involved in standardizing SPLUNK forwarder deployment, configuration and maintenance across Windows Servers
• Configured inputs.conf and outputs.conf to pull the XML based events to SPLUNK Cloud Indexer.
• Debug Splunk related and integration issues.
• Installed Splunk on nix & Splunk SOS and maintained Splunk instance for monitoring the health of the clusters
• Integrate Spunk Web console with Splunk Mobile App using Mobile Access server Add on
• Build, customize and deploy Splunk apps as per internal customers
• Splunk UI experience and able to debug expensive search queries.
• Configured Clusters for load balancing and fail over solutions.
• Implemented a Log Viewer Dashboard as a replacement for an existing tool to view logs across multiple applications hosted on a PaaS setup.
• Create Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards.
• Ability to provide engineering expertise and assistance to the Splunk user community Advanced Splunk Search Processing Language skills (SPL).
• Extensively used various extract keyword, search commands like stats, chart, time chart, transaction, strptime, strftime, eval, where, xyseries, table etc
• Good knowledge about Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-On’s, Dashboards, Clustering and Forwarder Management.
• Created and Managed Splunk DB connect Identities, Database Connections, Database Inputs, Outputs, lookups, access controls.
• IPV6/IPV4 routing, sub-netting, and networking routing technologies
• Time chart attributes such as span, bins, Tag, Event types, Scheduled searches online search vs scheduled search in a dashboard.
• Designed, developed and implemented multi-tiered Splunk log collection solutions.
• Installed, configured and administered JBoss Application server 5.0, 7.0 in various environments.
• Installed, configured and administered Web Servers like Apache 2.x HTTP Server, Apache Tomcat 6.x, Sun One 6.x Web Server and Microsoft IIS Server for WebLogic plug-ins.
• Strong experience with web/application servers like Apache Tomcat, Jetty, JBoss, IBM WebSphere, WebLogic.
• Strong experience using SQL, PL/SQL Procedures/Functions, Triggers and Packages.
• Creating accurate reports, Dashboards, Visualizations, Elastic search and Pivot tables for the business users.

TECHNCIAL SKILLS:

Splunk: Splunk 5.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB 2 Connect, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Web Framework

Operating Systems: Windows 2000, XP, Win 10, Windows Server, Unix/Linux (Red Hat), Free BSD

Data Analysis: Requirement Analysis, Business Analysis, detail design, data flow diagrams, data definition table, Business Rules, data modeling, Data Warehousing, system integration

Oracle 11g/10g/9i/8i, MS: SQL Server 2000/2005/2008 , Sybase, DB2 MS Access, Mysql

Web Technologies: HTML, DHTML, JavaScript, XML, XSL, XSLT, REST, SOAP

Web/App Servers: Apache Tomcat 6.0, web logic8.1/9.2, web sphere 6.0

Concepts: SDLC, Object Oriented Analysis and Design, Unified Modeling Language (UML), Assembly and System Level Testing, exposure in Agile.

Programming Language: C, C++, Java with Big Data, Python, UNIX shell scripts

PROFESSIONAL EXPERIENCE:

Confidential, VA

Splunk Admin/Developer

Responsibilities:

• Developed Splunk infrastructure and related solutions as per automation toolsets.
• Experience in Splunk GUI development creating Splunk apps, searches, Data models, dashboards, and Reports using the Splunk query language.
• Provide regular support guidance to Splunk project teams on complex solution and issue resolution.
• Responsible for documenting the current architectural configurations and detailed data flow and troubleshooting guides for application support.
• Involved as a Splunk Admin in capturing, analyzing and monitoring front end and middle ware applications.
• Worked with Client engagements and data onboarding and writing alerts, dashboards using the Search Processing Language (SPL).
• Analyzed security based events, risks and reporting instances.
• As part of SIEM, monitored notable events through Splunk Enterprise Security (Using V3.0).
• Generated Shell Scripts to install Splunk Forwarders on all servers and configure with common Configuration Files such as Bootstrap scripts, Outputs.conf and Inputs.conf files.
• Onboard new log sources with log analysis and parsing to enable SIEM correlation.
• Configuration of inputs.conf and outputs.conf to pull the XML based events to splunk cloud indexer.
• Various types of charts alert settings Knowledge of app creation, user and role access permissions.
• Creating and managing app, create user, role, permissions to knowledge objects.
• Created Compliance dashboard for HP-NA and Compliance with Network Devices.
• Created Compliance Security Baseline and Vulnerability Assessment dashboard for IBM Guardium Security for Database Server and Database Instances.
• Creating Vulnerability Assessment dashboard using Rapid7, Joval that aggregates data across multiple services to identify critical threats and proactively mitigate risks.
• Parsing, Indexing, Searching concepts Hot, Warm, Cold, Frozen bucketing and splunk clustering.
• Setup and configuration of search head cluster with three search head nodes and managing the search head cluster with deployer.
• Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
• Provide regular support guidance to SPLUNK project teams on complex solution and issue resolution with the objective of ensuring best fit and high quality.
• Interact with the data warehousing team regarding extracting the data and suggest the standard data format such that Splunk will identify most of the fields.
• Onboard new log sources with log analysis and parsing to enable SIEM correlation.Analyzed large datasets to identify metrics, drivers, performance gaps and opportunities for improvement
• Worked on setting up Splunk to capture and analyze data from various layers Load Balancers, Webservers and application servers.
• Write automation scripts for APIs, Unit and functional test cases using Selenium WebDriver.
• Write automation scripts for REST API's using TestNG and Java.
• Worked on DB Connect configuration for r, MySQL and MSSQL.
• Splunk DB Connect 2.0 in search head cluster environments of Oracle, MySQL
• Designed and implemented a NoSQL based database and associated RESTful web service that persists high-volume user profile data for vertical teams.
• Scripted SQL Queries in accordance with the Splunk.
• Created many of the proof-of-concept dashboards for IT operations, and service owners which are used to monitor application and server health.
• Created Dashboards, report, scheduled searches and alerts.
• Create dashboard from search, scheduled searches and Inline search vs scheduled search in a dashboard.
• Field Extraction, Using IFX, Rex Command and Regex in configuration files.
• Splunk administering in environments like Window Servers, Red Hat Linux Enterprise Servers.

Environment: SPLUNK 6.3.1, Linux, UNIX, Oracle 11g, MS SQL Server 2012, SQL, Joval, Rapid 7, Bluecoat, IBM QRadar, IBM Guardium,,VMF, Tripwire, Resilient, Service Now (ITAM)

Confidential, New Jersey

Splunk Admin/Developer

Responsibilities:

• Performed Splunk administration tasks such as installing, configuring, monitoring and tuning.
• Install and maintain the Splunk add-on including the DB Connect 1, Active Directory LDAP for work with directory and SQL database.
• Installed and configured Splunk DB Connect in Single and distributed server environments.
• Configure the add-on app SSO Integration for user authentication and Single Sign-on in Splunk Web.
• Automating in Splunk using Perl with Service-Now for event triggering.
• Deployed Splunk updates and license distribution over multiple servers using a deployment server.
• Create Dashboard Views, Reports and Alerts for events and configure alert mail.
• Monitor the Splunk infrastructure for capacity planning and optimization
• Server monitoring using tools likes Splunk, Solarwinds-Orion, HP BSM and HP Open View.
• Integrated ServiceNow with Splunk to generate the Incidents from Splunk.
• Active monitoring of Jobs through alert tools and responding with certain action logs, analyses the logs and escalate to high level teams on critical issues.
• Configured and administered Tomcat JDBC, JMS and JNDI services.
• Configured Node manager to remotely administer Managed servers
• Experience in handling network resources and protocols such as TCP/IP, Ethernet, DNS
• Splunk configuration that involves different web application and batch, create Saved search and summary search, summary indexes.
• Splunk search construction with ability to create well-structured search queries that minimize performance impact.
• Scaling up ELK (Elastic search/Log stash/Kibana) to index 90G a day of raw data(Tested alternative open source for splunk)
• Monitored the database (data tables and error tables), WebLogic error log files and application error log files to track and fix bugs.
• Ensuring that the application website is up and available to the users.
• Continuous monitoring of the alerts received through mails to check if all the application servers and web servers are up.
• Worked on DB Connect configuration for Oracle, MySQL and MSSQL.
• Supporting migration from Splunk On Premise data center to Amazon AWS
• Launching, Configuring, Supporting large scale instances on AWS
• Monitored Database Connection Health by using Splunk DB connect health dashboards.
• Created Crontab scripts for timely running jobs.
• Developed build scripts, UNIX shell scripts and auto deployment processes.
• Good experience in creating Splunk apps, navigations, interfaces and good experience on Splunk lookups, macros, Pivot, datamodels, lookupfiles and their publication into Splunk.
• Experience on use and understand of complex RegEx (regular expressions).
• Remedy administration, support and development with ITSM 7.x.

Environment: Splunk 6.x, Splunk Enterprise and splunk modules, WebLogic server 8.x/9.x/10.x/11g, Tomcat 6.0, IBM HTTP Server, Microsoft IIS 7.0, Apache 2.x, Solaris10, Windows 2008, Oracle 11g/10g, Mercury 7, HP Site scope, web services, LDAP, Oracle Access Manager, Mongo DB,JDK 1.7, SOA Suite 11g, Wily Introscope 8.x, JSP, EJBs, JMS, HTML, XML, JRUN, SSL, JDBC, JMS, JNDI