Splunk Engineer Resume
Kansas City, MO
PROFESSIONAL SUMMARY:
- About 5 years of experience in Information Technology field as Splunk Developer/Admin.
- Expertise in Installing, Configuring, Migrating, Troubleshooting and Maintenance of Splunk components and infrastructure.
- Experience working on Splunk 5.x, 6.x, Splunk Enterprise Security 4.1, Splunk DB Connect 1.x, 2.x on distributed Splunk Environments and Clustered Splunk Environments on Linux and Windows operating systems
- Installed, configured and Administered Splunk Search Head, Indexers, Heavy Forwarders, Deployment Server, Cluster Master, Deployer, License Master and Universal Forwarder on Linux and Windows operating systems
- Experience with Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-Ons, Dashboards, Clustering and Forwarder Management
- Created and Managed Splunk DB connect Identities, Database Connections, Database Inputs, Outputs, lookups, access controls
- Monitored Database Connection Health by using Splunk DB connect health dashboards
- Experience with Splunk technical Implementation, planning, customization, integration with big data and statistical and analytical modelling
- Very good experience in creating accurate reports, Dashboards, Visualizations, Elastic search and Pivot tables for the business users.
- Strong Knowledge on apps like Splunk DB Connect, Splunk App for AWS, Splunk on Splunk, App for Unix, App for JMX and DMC/Monitoring Console
- Expert with various search commands like stats, chart, timechart, transaction, eval, table etc.
- Expertise in using the commands like rex, erex, sed and IFX to extract the fields from log files.
- Used Syslog-ng to split logs out nicely so universal forwarder can pick and stream to the indexer.
- Expertise in Parsing, Indexing and Searching concepts, and in Hot, Warm, Cold and Frozen buckets.
- Experience in rsyslog TCP/UDP ports, source IP connections with restrictions.
- Good knowledge on Objects such as Event Types, Tags, Field Extraction (Using Regular Expression), Lookups etc.
- Used techniques to optimize searches for better Performance, Search Time vs Index Time Field Extraction
- Good knowledge of creating and implementing shell scripts to take care of Splunk file backup, monitoring alert log and log rotation.
- Good Experience with Splunk UI/GUI development activities by managing the Splunk knowledge objects like Field extraction, Tags and Lookups management.
- Highly skilled in Splunk to build, configure and maintain different environments and in-depth knowledge of log analysis generated by various operating systems.
- Installed and monitored Splunk Forwarders on Windows, UNIX and LINUX servers.
- Used XML, Advanced XML and Search Processing language (SPL) for creating Dashboards, views, alerts, reports and saved searches.
- Used various Splunk Apps such as Splunk on Splunk, Universal Field Extractor, Splunk App for UNIX/Linux, Splunk DB1 Connect.
- Expertise in Creating Splunk app for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting and analytics.
- Knowledge on Configuration files in Splunk (props.conf, transforms.conf, outputs.conf)
- Create Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards.
- Extensively used various extract keyword, search commands like stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table etc.
TECHNICAL SKILLS:
Splunk: Splunk 5.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB 2 Connect, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Web Framework
Operating Systems: Windows 2000, XP, Win 10, Windows Server, Unix/Linux (Red Hat), FreeBSD
RDBMS: Oracle 11g/10g/9i/8i, MS-SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL
Networking Protocols and Tools: TCP/IP, HTTP/HTTPS, SSH, SSL, DNS, SNMP, Routers, Switches, Load Balancers, Cisco VPN, MS Direct Access
Programming Language: C, C++, Java with Big Data, Python, UNIX shell scripts
SIEM: Splunk, ArcSight
Database and Cloud Servers: AWS, Oracle 11g/10g/9i/8i, MS-SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL.
Software methodologies & concepts: SDLC, Object Oriented Analysis and Design, Unified Modeling Language (UML), Assembly and System Level Testing, exposure in Agile.
Web/Application Servers: Apache Tomcat.
Remote Access Tool: PuTTY.
Version Control Tool: Git.
Project Management Tool: Jira, Rally.
PROFESSIONAL EXPERIENCE:
Confidential, Kansas City, MO
Splunk Engineer
Responsibilities:
- Involved in Upgrading the development environment to 6.x version
- Installed and configured Splunk Universal Forwarders on both UNIX (Linux, Solaris, and AIX) and Windows Servers.
- Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-Ons, Dashboards, Clustering and Forwarder Management.
- Installed and configured Splunk DB Connect in Single and distributed server environments.
- Built custom Splunk dashboards for index lag, license usage etc.
- Created Dashboards for various types of business users in the organization and worked on creating different Splunk Knowledge objects like Macros, calculated fields, Tags, Event Types and Lookups.
- Creating alerts to trigger when there are errors in indexing.
- Hands on experience in customizing Splunk dashboards, visualizations, configurations using customized Splunk queries.
- Involved in troubleshooting of Clustering and optimizing performance.
- Upgraded the Splunk DB connect to 3.x version.
- Installed and maintained Splunk add-ons including DB Connect and Active Directory LDAP to work with directory and SQL databases.
- Monitored license usage, indexing metrics, Index Performance, Forwarder performance, death testing.
- Created advanced Dashboards, alerts, advanced Splunk searches and visualization in Splunk Enterprise.
- Monitored Splunk Alerts and configured scheduled alerts based on the customer requirement.
- Assisted internal users of Splunk in designing and maintaining production-quality dashboards.
- Monitored Splunk infrastructure for capacity planning, system health, availability, and optimization.
- Gathered requirements from the client, creating catalogue items like questionnaires.
- Created macros using REST APIs for various saved searches in our environment.
- Created tags, Event types, field lookups, using regular expressions, aliases etc. for search-time outputs and visualizations.
- Created the reports and saved searches for the development environment.
- Developed various dashboards, reports for IT Infrastructure, IT Security, Leadership and other relevant stakeholders.
- Created custom app configurations (deployment-apps) within SPLUNK to parse and index multiple types of log formats.
- Created Splunk Apps using XML and Web Components. Knowledge of app creation, user and role access permissions.
- Production experience in large environments using configuration management tools like Chef, Ansible and Puppet, supporting a Chef environment with 500+ servers, and involved in developing manifests.
- Performed troubleshooting and configuration changes to resolve Splunk configuration issues.
- Experience installing and managing different automation and monitoring tools on Redhat Linux like Splunk, Chef and Puppet.
- Created Tableau worksheet which involves Schema Import, Implementing the business logic by customization.
- Prepared dashboards using calculated fields, groups, sets and hierarchies in Tableau. Generated Tableau dashboards with combination charts for clear understanding.
- Utilized advanced Tableau features such as linking data from different connections together on one dashboard and filtering data in multiple views at once.
Confidential, Alpharetta, GA
Splunk Developer/ Admin
Responsibilities:
- Installed, configured and administered Splunk Enterprise Server and Splunk Forwarder on Redhat Linux and Windows servers.
- Set up Splunk Forwarders for new application tiers introduced into the environment and for existing applications.
- Built dashboards, views, alerts, reports and saved searches using XML, Advanced XML and Search Processing Language (SPL) as and when required.
- Performed Field Extractions and Field Transformations using the Regular Expressions in Splunk.
- Worked in data-flow design for data ingestion, transformation and analytics layers.
- Created Splunk Apps using XML and Web Components. Knowledge of app creation, user and role access permissions.
- Experience in Splunk GUI development creating Splunk apps, searches, Data models, dashboards, and Reports using the Splunk query language.
- Provide regular support guidance to Splunk project teams on complex solution and issue resolution.
- Experience in dashboards and reports performance optimization. Working knowledge of scripting languages (e.g. Python, bash, etc.).
- Generated Shell Scripts to install Splunk Forwarders on all servers and configure with common Configuration Files such as Bootstrap scripts, Outputs.conf and Inputs.conf files.
- Onboard new log sources with log analysis and parsing to enable SIEM correlation.
- Configuration of inputs.conf and outputs.conf to pull the XML based events to Splunk cloud indexer.
- Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.
- Splunk configuration involving different web applications and batch; created saved searches, summary searches and summary indexes.
- Worked on log parsing, complex Splunk searches, including external table lookups.
- Used techniques to optimize searches for better performance (search-time vs index-time field extraction), with an understanding of configuration files, their precedence and how they work.
- Responsible for administering, maintaining, and configuring 24x7 highly available Splunk apps for the production portal environment.
- Worked on configuration files inputs.conf, indexes.conf, props.conf, serverclass.conf, transforms.conf and limits.conf.
- Debugged Chef recipes and their execution while pulling logs into Splunk and monitoring deployments.
- Developed automation scripting in Python (core) using Puppet to deploy and manage Java applications across Linux servers.
Confidential
Splunk Developer
Responsibilities:
- Extensively involved in all phases of SDLC (Software Development Life Cycle) using agile methodology.
- Installation of security and monitoring equipment, provide expert analysis for placement of security equipment for business and home protection services, including software and hardware installation or upgrades to existing systems.
- Deployed and configured multiple companywide enterprise security solutions including Splunk.
- Strong understanding of Splunk Enterprise configurations specifically when using in a security related environment.
- Monitored network traffic and bandwidth for anomalies via Splunk.
- Monitor company’s internal logs and traffic via Splunk to proactively investigate suspicious traffic and determine if the anomalies were malicious.
- Validate test findings using Splunk Enterprise by creating extensive search queries and custom reports to only show the relevant results from the test.
- Performed Splunk administration tasks such as installing, configuring, monitoring and tuning.
- Configured the SSO Integration add-on app for user authentication and single sign-on in Splunk Web.
- Implemented forwarder configuration, search heads and indexing.
- Created Dashboards, report, scheduled searches and alerts.
- Resolved configuration-based issues in coordination with infrastructure support teams.
- Prepared, arranged and tested SPLUNK search strings and operational strings.
- Analyzed security-based events, risks and reporting instances.
- Developing custom web application solutions for internal ticket metrics reporting.
- Provide regular support guidance to SPLUNK project teams on complex solution and issue resolution with the objective of ensuring best fit and high quality.
- Interact with the data warehousing team regarding extracting the data and suggest the standard data format such that Splunk will identify most of the fields.
- Onboard new log sources with log analysis and parsing to enable SIEM correlation.
- Good Understanding of Splunk architecture, Knowledge about various components (indexer, forwarder, search head, deployment server).
- Creation and implementation of shell scripts to take care of Splunk file backup, monitoring alert log and log rotation.
- Installation and configuration of our own Apps to monitor system performance including Splunk internal logs.
- Handled configuration of advanced dashboard creation and optimization.
- User/Group Administration - Splunk authentication with LDAP for user accounts/groups creation and bindings of LDAP groups to Splunk.
- Dealt with Splunk Utilities (bucket rolling, User index creation and management, Source-type, forwarder log monitoring input and output configuration).
- Testing new versions within DEV environments and conducting stress tests.
- Created an Active-Passive SPLUNK framework for fulfilling BCP requirements