Senior Splunk Admin/developer Resume
Tampa, FL
PROFESSIONAL SUMMARY:
- Around 8 years of Total IT experience in configuring, implementing and supporting Splunk Server Infrastructure across Windows, UNIX and Linux.
- Experience with Splunk 5.x and 6.x products, distributed Splunk architecture and components, including installation of Search Heads, Indexers, Forwarders, Deployment Server, License Master and Heavy/Universal Forwarders.
- Proficient in parsing, indexing and searching concepts such as hot, warm, cold and frozen bucketing.
- Creating dashboards with scheduled searches, and inline search vs. scheduled search in a dashboard.
- Experience developing Splunk Queries and Dashboards targeted at understanding application performance and capacity analysis.
- Knowledge of Splunk configuration files: props.conf, transforms.conf, outputs.conf.
- Experience in Tuning SQL queries using utilities like EXPLAIN PLAN, SQL Trace and TKPROF to improve the performance.
- Design, deploy and support enterprise Splunk logging applications. Assist other enterprise instances as Splunk Subject Matter Expert (SME).
- Expert in creating SQL queries, PL/SQL packages, functions, stored procedures, cursors, collections (nested tables and VARRAYs), records, object types and database triggers.
- Familiar with the Subversion version control software.
- Used Splunk and Python scripts to show how logs can be analyzed for certain events/patterns and to deduce information which can in turn be used to self-learn and self-heal when these events recur on a regular basis.
- Assisted internal users of Splunk in designing and maintaining production quality dashboard.
- Ability to work in a team environment and as an individual with strong technical and communication skills, and good zeal in adapting new technologies in a fast-paced environment.
- Installed and configured Splunk Enterprise and Enterprise Security (ES).
- Performed troubleshooting and/or configuration changes to resolve Splunk integration issues. Scripting and development using Perl and Python. Creating and managing apps; creating users, roles and permissions for knowledge objects.
- Experience in optimizing searches for better performance, Search time vs. Index time field extraction and understanding of configuration files, precedence and working.
- Gathered various sources of syslog and XML data from devices, applications and databases.
- Involved in writing complex IFX, rex and multikv commands to extract fields from log files.
TECHNICAL SKILLS:
Operating Systems: Microsoft Windows, Linux, Unix
Development Methodologies & Process: Waterfall and Agile Methodology
Information Security: Splunk ES
Splunk Modules: Splunk 6.2, Splunk 6.1.3, Splunk on Splunk, Splunk Enterprise 7.x, Splunk DB Connect, Splunk Cloud, Splunk Web Framework
Databases: Oracle, MongoDB, SQL Server, MySQL
Monitoring tools: Splunk 6.2, Splunk 6.3.3, Splunk 6.4, AppDynamics, Dynatrace.
Web Technologies: HTML, JavaScript, CSS
Testing tools: JMeter and Postman.
Web Servers: Apache Tomcat, WAMP, JBoss, IBM WebSphere, Azure, Oracle.
Languages: C#, VB6, UNIX Shell/Bash Scripting, Java/J2EE.
PROFESSIONAL EXPERIENCE:
Senior Splunk Admin/Developer
Confidential - Tampa, FL
Responsibilities:
- Installation and configuration of the Splunk product in different environments. Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-ons, Dashboards, Clustering and Forwarder Management.
- Monitoring or analyzing the real-time events for the security devices like Firewall, IDS, Anti-Virus etc., using SIEM tools.
- Developed Splunk Dashboards, searches and reporting to support various internal clients in Security, IT Operations and Application Development.
- Analyzed security-based events, risks and reporting instances. Correlated events from network, OS, anti-virus, IDS/IPS, firewall or proxy sources and analyzed them for possible threats.
- Understand and interpret customer requirements for Splunk implementation for an enterprise solution.
- Provide deployment strategies with the understanding of affordable risk based on customer acceptance.
- Created and configured management reports and dashboards. Planned, implemented and managed Splunk for log management and analytics.
- Monitored security violations, flagged potential violations and logged security incidents in ServiceNow.
- Validate the existing rules and provide recommendation on fine tuning the rules. Creating and sending Risk Advisories to our clients.
- Suppress false positive alerts. Weekly/Monthly incident analysis report. Analyzing the events and providing solutions for the incidents.
- Involved in setting up alerts for different types of errors, data enrichment using lookups, data interpretation using fields and field extraction, and data normalization using tags.
- Good understanding of configuration files and precedence, with daily exposure to props.conf, transforms.conf, inputs.conf and outputs.conf, and setting up forwarder information based on requirements.
- Maintained Splunk Environment with multiple indexers; managed and configured settings.
- Improved search performance by configuring search heads for all indexes in production.
- Analyzed security-based events, risks and reporting instances. Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
- Worked on getting data in and managing Splunk apps. Assisted internal users of Splunk in designing and maintaining production-quality dashboards.
- Splunk DB Connect 2.0 in search head cluster environments with Oracle. Installation and implementation of several kinds of visualizations in Splunk dashboards.
- Continuously monitored the alerts received through emails to check that all application servers and web servers were up.
- Knowledge of parsing, indexing and searching concepts such as hot, warm, cold and frozen bucketing.
- Conducted surveillance on various phishing emails and created alerts for future spam. Worked as part of the Cyber Security Incident Response team to check on malware, viruses and threat emails.
- Developed Splunk Search Processing Language (SPL) queries, created Reports, Alerts and Dashboards and customized them.
Environment: Splunk 6.x, Splunk DB Connect and other modules, Oracle WebLogic 9.x/10.x, Tomcat 5.x/6.x, Oracle 9i/10g, Solaris 10, LINUX, Sun ONE Directory Server 6, Sun One Web Server 6.0, Apache 2.x, Python
Splunk Admin/ Developer
Confidential - Los Angeles, CA.
Responsibilities:
- Installation of Splunk Enterprise, Splunk forwarders, Splunk indexers and apps on multiple servers (Windows and Linux) with automation.
- Installed and maintained Splunk add-ons including DB Connect and Active Directory LDAP for working with directory services and SQL databases.
- Manage Splunk configuration files like inputs, props, transforms, and lookups.
- Deploy, configure and maintain Splunk forwarder in different platforms.
- Ensuring that the application website is up and available to the users.
- Continuous monitoring of the alerts received through mails to check if all the application servers and web servers are up.
- Create Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards.
- Problem record analysis and solution providing.
- Field extraction using IFX, the rex command and regex in configuration files.
- Creating reports, pivots, alerts, advanced Splunk searches and visualizations in Splunk Enterprise.
- Modified Python scripts for SCCM and HP Server Automation for Splunk deployments and updates.
- Provided power and admin access for users and restricted their permissions on files.
- Installed, tested and deployed monitoring solutions with Splunk services.
- Provided technical services to projects, user requests and data queries.
- Implemented forwarder configuration, search heads and indexing.
- Assisted in auditing through Splunk SME knowledge.
- Supported data source configurations and change management processes.
- Maintained and managed assigned systems, Splunk related issues and administrators.
- Performed Splunk administration tasks such as installing, configuring, monitoring and tuning.
- Active monitoring of jobs through alerting tools and responding with the appropriate action with respect to logs; analyzed the logs and escalated critical issues to higher-level teams.
- Worked on log parsing, complex Splunk searches, including external table lookups.
- Designing and maintaining production-quality Splunk dashboards.
- Splunk configuration involving different web and batch applications; created saved searches, summary searches and summary indexes.
- Deployed applications on multiple WebLogic Servers and maintained Load balancing, High availability and Fail over functionality.
- Involved in monitoring the ticketing tool and taking the ownership of the tickets.
- Developed build scripts, UNIX shell scripts and auto deployment processes.
Environment: Splunk 6.x, Linux, UNIX, Oracle 11g, MS SQL Server 2012, SQL, XML, Java Script, MS Excel, MS Power Point.
Splunk Admin/Developer
Confidential - Palm Beach, Florida
Responsibilities:
- Installation and configuration of the Splunk product in different environments. Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-ons, Dashboards, Clustering and Forwarder Management.
- Installed and maintained Splunk add-ons including DB Connect and Active Directory LDAP for working with directory services and SQL databases.
- Create Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards.
- Creating reports, pivots, alerts, advanced Splunk searches and visualizations in Splunk Enterprise.
- Provided technical services to projects, user requests and data queries.
- Performed data conversions from flat files to a normalized database structure.
- Created and maintained Indexes for various fast and efficient reporting processes.
- Import & Export of data from one server to other servers using tools like Data Transformation Services (DTS) and bulk copy. Periodic monitoring of the system for bottlenecks.
- Worked with management to update security manuals and address current concerns.
- Participated in Tools tribe meetings, gathered requirements from all SMEs and developed dashboards for WIB, Bill pay, Navv app and www app.
- Worked on getting data in and managing Splunk apps. Assisted internal users of Splunk in designing and maintaining production-quality dashboards.
- Knowledge of parsing, indexing and searching concepts such as hot, warm, cold and frozen bucketing.
- Maintained Splunk Environment with multiple indexers; managed and configured settings.
- Created eval functions where necessary to create new fields at search run time.
- Used IFX, rex and regex commands for field extraction.
- Identify pattern and trends that are indicators of routine problems.
- Implemented forwarder configuration, search heads and indexing.
- Built dashboards, views, alerts, reports and saved searches using XML and Search Processing Language (SPL).
- Analyzed and monitored incident management and incident resolution problems. Involved in transformation of IRS ETI user requirements into Splunk ITSI Use cases.
- Created ITSI Dashboards/ Glass-Tables
- Resolved configuration-based issues in coordination with infrastructure support teams.
- Created many Splunk ITSI Log Analytics artifacts describing IEP Services.
- Maintained and managed assigned systems, Splunk related issues and administrators.
- Optimized Splunk for peak performance by splitting Splunk indexing and search activities across different machines.
Environment: Splunk 6.0.1, ITSI, Linux, UNIX, Oracle 11g, MS SQL Server 2012, SQL, XML, JavaScript, MS Excel, MS PowerPoint.
Splunk Admin
Confidential
Responsibilities:
- Splunk technical implementation, planning, customization, integration with big data and statistical and analytical modeling.
- Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-ons, Dashboards, Clustering and Forwarder Management.
- Administer and configure Splunk components like Indexer, Search Head, Heavy Forwarder etc.; deploy Splunk across UNIX and Windows environments; optimized Splunk for peak performance by splitting Splunk indexing and search activities across different machines.
- Performed Splunk administration tasks such as installing, configuring, monitoring, and tuning.
- Developed Cyber Security Standards based on NIST Frameworks and ensured their proper implementation to reduce the risk of vulnerability to IT assets.
- Setup Splunk forwarders for new application tiers introduced into an existing application.
- Experience working with Splunk authentication and permissions, and significant experience supporting large-scale Splunk deployments.
- Coordinate incident handling with IT and Security staff.
- Process phone calls and email requests for events.
- Manage the Security Incident and Event Management (SIEM) infrastructure.
- Analyze network traffic, various log data and open source information to determine the threat against the network and the required response, containment, investigation and remediation.
- Responsible for incident response, tuning, system administration, operations and maintenance of the Security Incident and Event Management (SIEM) system.
- Monitored the Security Management Console for the Security Operations Centre (SOC) to ensure confidentiality, integrity and availability of information systems.
- Perform cyber and physical access control log monitoring to include firewall logs, IPS logs, anti-virus logs, web logs, and SIEM logs.
- Onboarding of new data into Splunk. Troubleshooting Splunk and optimizing performance.
- Actively involved in standardizing Splunk Forwarder deployment, configuration, and maintenance across various Operating Systems.
- Created Dashboards, Visualizations, Statistical reports, scheduled searches, alerts and worked on creating different other knowledge objects.
Environment: Splunk 6.1.3, Oracle 11g, SQL Developer, Python scripting, Linux, UNIX, UNIX shell scripting.
Splunk Developer
Confidential
Responsibilities:
- Installation and configuration of the Splunk product in different environments such as Ubuntu Linux, CentOS and Windows.
- Worked on multiple production roles and created alerts using Splunk; also created multiple dashboards and alerts at a time.
- Involved in Installation, Administration and Configuration of Splunk Enterprise and integration with local legacy systems.
- Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-ons, Dashboards, Clustering and Forwarder Management.
- Hands-on development experience in customizing visualizations, configurations, reports and search capabilities using customized Splunk queries.
- Good experience in Splunk, WLST and shell scripting to automate and monitor routine environment tasks.
- Worked on Application Performance Management (APM) for server and database monitoring to detect and diagnose complex application server performance issues.
- Created Splunk ITSI Log Analytics artifacts describing IEP services, defining KPIs and configuring thresholds.
- Worked on the ServiceNow tool for raising tickets and worked on VMware and AWS virtual system platforms.
- Experience configuring and developing complex dashboards and reports on Splunk.
- Splunk DB Connect 2.0 in search head cluster environments with Oracle. Worked on Splunk UI/GUI development and operations roles.
- Used SiteScope to monitor different application servers (WebLogic, WebSphere) and database servers like MySQL and Oracle.
- Developed various reports using Java XML files and developed J2EE applications on Linux and Windows platforms.
- Expertise in creating and customizing Splunk applications, searches and dashboards as desired by IT teams and business.
- Managed Indexer Clusters including security, hot and cold bucket management and retention policies.
- Integrated ServiceNow with Splunk to consume alerts from Splunk and create ServiceNow tickets.
Environment: Splunk 6.x, Splunk DB Connect 2.0 and other modules, Oracle WebLogic 9.x/10.x, JBoss 5.x/6.x, Tomcat 5.x/6.x, AppDynamics 4.2.x, Oracle 9i/10g, Solaris 10, LINUX, Unix Shell Script, Server 6.0, Apache 2.x, Python.