
Splunk Developer/Administrator Resume


Irving, TX

SUMMARY

  • Over 7 years of experience in designing, developing and delivering automation projects using Splunk.
  • Monitored and managed Indexer Clusters including security, hot and cold bucket management and retention policies.
  • Strong experience with Splunk 6.x and 7.x products, distributed Splunk architecture and components including search heads, indexers and forwarders.
  • Experience in Operational Intelligence using Splunk.
  • Splunk DB Connect 2.4.0 in search head cluster environments with Oracle.
  • Headed Proof-of-Concepts (POCs) on Splunk ES implementation; mentored and guided other team members on understanding the use cases of Splunk.
  • Expertise in customizing Splunk for Monitoring, Application Management and Security as per customer requirements and industry best practice.
  • ITSI integration with the information from these files across the ITSI app as part of ITSI workflows.
  • Experience in Splunk ITSI Module and Splunk apps integration.
  • Created log parsing, complex Splunk searches, including external table lookups.
  • Interacted with the data warehousing team regarding extracting the data and suggested a standard data format such that Splunk will identify most of the fields.
  • Experience in creating dashboards and reports and in performance optimization. Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.
  • Generated Sub-Reports, Cross-tab, Conditional, Drill down reports, Drill through reports and Parameterized reports using SSRS.
  • Expert in installing and configuring Splunk forwarders on Linux, Unix and Windows.
  • Expert in installing and using Splunk apps for UNIX and Linux (Splunk *nix).
  • Production error monitoring and root cause analysis using Splunk.
  • Involved in standardizing Splunk forwarder deployment, configuration and maintenance across Windows servers.
  • Debug Splunk related and integration issues.
  • Installed Splunk on *nix and Splunk SOS (Splunk on Splunk), and maintained the Splunk instance for monitoring the health of the clusters.
  • Integrated the Splunk Web console with the Splunk Mobile App using the Mobile Access Server add-on.
  • Built, customized and deployed Splunk apps for internal customers.
  • Configured Clusters for load balancing and fail over solutions.
  • Installed and configured Splunk Enterprise indexers, search heads and universal forwarders.
  • Splunk configuration for different web applications and batch jobs; created saved searches, summary searches and summary indexes.
  • Experience with Splunk Enterprise deployments; enabled continuous integration as part of configuration management (props.conf, transforms.conf, outputs.conf). Created Splunk Search Processing Language (SPL) queries, reports, alerts and dashboards.
  • Ability to provide engineering expertise and assistance to the Splunk user community; advanced Splunk Search Processing Language (SPL) skills.
  • Created and Managed Splunk DB connect Identities, Database Connections, Database Inputs, Outputs, lookups, access controls.
  • Designed, developed and implemented multi-tiered Splunk log collection solutions.
  • Installed, configured and administered JBoss Application server 5.0, 7.0 in various environments.
  • Installed, configured and administered Web Servers like Apache 2.x HTTP Server, Apache Tomcat 6.x, Sun One 6.x Web Server and Microsoft IIS Server for WebLogic plug-ins.
  • Strong experience with web/application servers like Apache Tomcat, Jetty, JBoss, IBM WebSphere, WebLogic.
  • Strong experience using SQL, PL/SQL Procedures/Functions, Triggers and Packages.
  • Created accurate reports, dashboards, visualizations, Elasticsearch and pivot tables for the business users.

TECHNICAL SKILLS

Splunk: Splunk 7.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect 2, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Web Framework

Operating Systems: Windows 2000, XP, Win 10, Windows Server, Unix/Linux (Red Hat), FreeBSD

Security / Vulnerability Tools: Snort, Wireshark, Websense, Bluecoat, Palo Alto, Check Point, Symantec, Qualys Vulnerability Manager, FireEye HX, Sophos, Sourcefire

RDBMS: Oracle 11g/10g/9i/8i, MS-SQL Server 2005/2008, Sybase, DB2, MS Access, MySQL

Networking Protocols and Tools: TCP/IP, HTTP/HTTPS, SSH, SSL, DNS, SNMP, Routers, Switches, Load Balancers, Cisco VPN, MS DirectAccess

Programming Languages: C, C++, Python, UNIX shell scripts, Java, J2EE, SQL/PL SQL, HTML, DHTML, XML.

Monitoring Tools: Netcool, Dynatrace, Tealeaf

PROFESSIONAL EXPERIENCE

Splunk Developer/Administrator

Confidential, Irving, TX

Responsibilities:

  • Identified use cases for Splunk and submitted ServiceNow requests to the Splunk Operations team to confirm Proof of Value.
  • Splunk Operations provides the user with project and index names; the user submits a CMP for a new Splunk AD group, and a Service Catalog entry was created for the users.
  • The user checks data, reports and dashboards to ensure the deployment was successful.
  • Made configuration changes from 3PAR to Splunk using SSH and worked through disk failure issues with Splunk.
  • Set up a heavy forwarder with access to the SSH terminal of the product and used that script as an add-on to onboard the data to Splunk.
  • Configured props.conf and pushed the bundle from the Cluster Master to get correct event breaking in the logs.
  • Used inputs.conf to monitor files and directories with Splunk; inputs.conf provides the most configuration options for setting up a file monitor input on RHEL 6.
  • Using a load balancer, PCF events are spread across multiple indexers for better throughput.
  • Installed, configured and administered Splunk Enterprise Server and Splunk Forwarder on RHEL 6.
  • Supported a dashboard comparing last week to this week, and granted users permissions along with the dashboard name.
  • Knowledge of general security concepts (authentication, authorization, encryption, digital signatures, etc.), PKI concepts and SSL.
  • Configured inputs.conf and outputs.conf to pull XML-based events to the Splunk Cloud indexer.
  • Knowledge of various chart types, alert settings, app creation, and user and role access permissions.
  • Created, maintained, supported, repaired and customized system and Splunk applications, search queries and dashboards.
  • Installed the Splunk Common Information Model add-on, which is packaged with Splunk Enterprise Security, Splunk IT Service Intelligence, and the Splunk App for PCI Compliance.
  • Installed, configured and troubleshot Splunk. Experience using regular expressions for data retrieval.
  • Worked with application owners to create or update monitoring for applications.

Splunk Developer/Administrator

Confidential

Responsibilities:

  • Installed, configured and administered Splunk Enterprise Server and Splunk Forwarder on Red Hat Linux and Windows servers.
  • Set up Splunk forwarders for new application tiers introduced into the environment and for existing applications.
  • Data collection from various systems/servers, forwarder management, and creating and managing Splunk apps.
  • Built Splunk queries using Splunk Search Processing Language (SPL) and regular expressions.
  • Created, maintained, supported, repaired and customized system and Splunk applications, search queries and dashboards.
  • Created and configured KPIs in Splunk IT Service Intelligence.
  • Used Splunk ITSI to determine the KPIs for the business.
  • Experience creating and maintaining Splunk reports, dashboards, forms, visualizations, alerts.
  • Developed specific content necessary to implement security use cases and transformed it into correlation queries, templates, reports, rules, alerts, dashboards and workflows.
  • Strong knowledge of Windows, Linux, and UNIX operating systems.
  • Splunk SPL (Search Processing Language) and dashboarding/visualization. Set up dashboards for network device logs.
  • Splunk Administration and analytics development on Information Security, Infrastructure and network, data security, Splunk Enterprise Security app, Triage events, Incident Analysis.
  • Developed Splunk Objects and reports on Security baseline violations, Non-authenticated connections, Brute force attacks and many use cases.
  • Experience with Splunk Enterprise deployments; enabled continuous integration as part of configuration management (props.conf, transforms.conf, outputs.conf).
  • Onboarded new log sources with log analysis and parsing to enable SIEM correlation. Analyzed large datasets to identify metrics, drivers, performance gaps and opportunities for improvement.
  • Worked on setting up Splunk to capture and analyze data from various layers: load balancers, web servers and application servers.
  • Splunk DB Connect 2.0 in search head cluster environments with Oracle and MySQL.
  • Designed and implemented a NoSQL based database and associated RESTful web service that persists high-volume user profile data for vertical teams.
  • Scripted SQL queries for use with Splunk.
  • Created many of the proof-of-concept dashboards for IT operations, and service owners which are used to monitor application and server health.
  • Created dashboards, reports, scheduled searches and alerts.
  • Created dashboards from searches and scheduled searches, weighing inline searches against scheduled searches within a dashboard.
  • Splunk administration in environments such as Windows Server and Red Hat Enterprise Linux servers.
  • Worked with the searching and reporting modules (Splunk ITSI and Enterprise Security App).
  • Configurations for the deployment server, indexers and search heads: serverclass.conf, server.conf, app.conf, props.conf, transforms.conf and forwarder management configurations.
  • AWS-hosted machine data analytics service, delivering real-time insights from logs, metrics and event data across the entire application lifecycle and stack.
  • Good experience in clustering, deploying apps through the Splunk deployment server and deployer, Splunk version upgrades, and creating roles and authentication.

Splunk Engineer

Confidential

Responsibilities:

  • Improved the diagnosis of risk, security and compliance incidents involving extensive analysis.
  • Assisted in recommending security resolutions to management for better malware detection and endpoint security.
  • Introduced Search Head Clustering instead of pooling.
  • Review overall system configurations of all Splunk servers and services.
  • Identify errors and misconfigurations, potential upgrades, changes to increase performance, changes in ingestion rates and retention times to improve indexing, and log filtering to maximize Splunk Licensing.
  • Create new reports, metrics and dashboards.
  • Onboarded new data from various sources and designed and built new log and data mining services, including
  • Planned and supported execution and assembly, and performed data mining and analysis utilizing various queries and reporting methods.
  • Requirement gathering and analysis. Interacted with team members and users during the design and development of the applications and Splunk Objects.
  • Good experience in building Splunk Security Analytics. Led logging enrollments from multi-tier applications into the enterprise logging platforms.
  • Assisted internal users of Splunk in designing and maintaining production-quality dashboards.
  • Ownership of the log & data mining service based on the Splunk product including
  • This individual will also be expected to work with other departments, representing the team on all technical matters related to log monitoring and analysis
  • The Splunk engineer should be familiar with a Linux environment, editing and maintaining Splunk configuration files and apps.
  • Created Summary searches and reports; In depth knowledge of Splunk license usage and safeguarding from violation.

Splunk Developer

Confidential, Seattle, WA

Responsibilities:

  • Developed Splunk infrastructure and related solutions as per automation toolsets.
  • Experience in Splunk GUI development creating Splunk apps, searches, Data models, dashboards, and Reports using the Splunk query language.
  • Interacted with the data warehousing team regarding extracting the data and suggested a standard data format such that Splunk will identify most of the fields. Migrated ArcSight ESM from version 6.0 to 6.9 by exporting the packages and importing them into 6.9.
  • Installed and configured Splunk DB Connect. Configuration and support of syslog-ng.
  • Worked as a Splunk Admin capturing, analyzing and monitoring front end and middleware applications.
  • Worked on setting up Splunk to monitor customer volume and track customer activity.
  • Involved as a Splunk Admin in capturing, analyzing and monitoring front end and middleware applications.
  • Worked with Client engagements and data onboarding and writing alerts, dashboards using the Search Processing Language (SPL).
  • Analyzed security-based events, risks and reporting instances.
  • Developed parameterized reports, subreports, tabular reports using SSRS.
  • As part of SIEM, monitored notable events through Splunk Enterprise Security (Using V3.0).
  • Generated shell scripts to install Splunk forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf.
  • Onboard new log sources with log analysis and parsing to enable SIEM correlation.
  • Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
  • Provided regular support and guidance to Splunk project teams on complex solutions and issue resolution, with the objective of ensuring best fit and high quality.
