Splunk Administrator Resume
Bloomington, IL
SUMMARY
- Over 6.5+ years of experience in Information Technology field with strong experience as Splunk Admin and Developer. Strong experience with Splunk 5.x and 6.x product, distributed Splunk architecture and components including search heads, indexers and forwarders.
- Experience working on Splunk 5.x, 6.x, Splunk Enterprise Security 6.x, Splunk DBConnect 1.x, 2.x on distributed Splunk Environments and Clustered Splunk Environments on Linux and Windows operating systems.
- Extensive experience in installation, configuration, migration, troubleshooting and maintenance of Splunk and Apache Web Server on different UNIX flavors like Linux.
- Experience in installing and using Splunk apps for UNIX and Linux (Splunknix)
- Experience in Splunk development creating Apps, Dashboards, Data Models, etc.
- Experience on Splunk Enterprise deployments; enabled continuous integration as part of configuration management.
- Experience in Correlating events from a Network, OS, Anti-Virus, IDS/ IPS, Firewalls or Proxies and analyzing them for possible threats.
- Experience with Splunk Searching and Reporting modules, Knowledge Objects, Administration, Dashboards, Clustering and Forwarder Management.
- Created and managed Splunk DB Connect identities, database connections, database inputs, outputs, lookups and access controls.
- Monitored database connection health using Splunk DB Connect's health dashboards, JBoss and Apache Tomcat.
- Expertise in creating accurate reports, Dashboards, Visualizations and Pivot tables for the business users.
- Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-ons, Dashboards, Clustering and Forwarder Management.
- Hands on development experience in customizing, visualizations, configurations, reports and search capabilities using customized Splunk queries.
- Experience in Dynatrace and AppDynamics for system health checks and availability monitoring.
- Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy Forwarder and Universal forwarder, License model.
- Designing and maintaining production-quality Splunk dashboards.
- Good experience in Splunk, WLST, Shell scripting to automate and monitor the environment routine tasks.
- Good Experience on Splunk IT Service Intelligence and worked Splunk ITSI Glass Table Visualization.
- Splunk Enterprise deployments; enabled continuous integration as part of configuration management.
- Monitored the Splunk system by identifying bad jobs, dashboards and the overall health of Splunk, and collaborated with individual teams to improve performance.
- Troubleshooting and handling post production issues, on-site support, worked closely with engineering to coordinate and provide all the required information and interacting with the client.
- Installed and monitored Splunk Forwarders on Windows, UNIX and LINUX servers.
- Used XML, Advanced XML and Search Processing language (SPL) for creating Dashboards, views, alerts, reports and saved searches.
- Experience with customizing and creating rules and signatures for IDS/IPS to meet emerging vulnerabilities and provide enhanced detection capabilities.
- Upgraded and optimized the Splunk setup with new releases.
- Used various Splunk Apps such as Splunk on Splunk, Universal Field Extractor, Splunk App for UNIX/Linux, Splunk DB Connect.
- Experience with Linux and Windows servers for Splunk administration, with a strong understanding of the Splunk framework.
- Lead in all Technology deployment activities, connector configuration, custom rule development, workflow configuration and development, and third-party system integration.
- Developed customized Shell scripts in order to install, manage, configure multiple instances of SPLUNK forwarders, indexers, search heads, deployment servers.
- Created Splunk app for Enterprise Security to identify and address emerging security threats through the use of continuous monitoring, alerting and analytics.
- Configuration of SPLUNK data inputs by understanding various parsing parameters like Index, source, source typing, queue sizes, index sizes, index locations, read/write timeout values, line breaks, event breaks, time formats etc. during index-time.
- Skilled in deploying, configuring and administering Splunk clusters.
- Developed customized application configurations in SPLUNK to parse, index multiple types of log format across all application environments.
- Familiar in System Administration with Windows Servers, Red Hat Linux Enterprise Servers, Solaris and IBM AIX servers.
- Worked with source code management tools like CVS, SVN and Git. Exposure to configuration management tools like Puppet.
- Strong qualitative analysis skills to lend insight into highly ambiguous and sensitive business problems. In-depth understanding of processes and technology integration challenges.
TECHNICAL SKILLS
Log Analysis Tool: Splunk Enterprise Server 7.x/6.x, Splunk Universal Forwarder 7.x/6.x, Splunk DB Connect
Web/App Servers: WebSphere Application Server 6.x/7.x/8.x, WebSphere MQ Server 6.x/7.x, WebSphere XD 6.0/6.1, IBM HTTP Server 6.x/7.x/8.x, Apache Web Server 2.x, Tomcat 5.5, IIS 6/7.x
Operating Systems: IBM AIX (5.1/6.1), Red Hat Linux, Windows Server 2003/2008 R2, VMware
Programming: Java, J2EE, C++, C, SQL/PL SQL, HTML, DHTML, XML.
Scripting: JACL, Python, WSCP, WSADMIN, Korn Shell Script, Perl, JavaScript, CSS, Batch
Databases: Oracle (8i/9i), UDB/DB2, Sybase, MS SQL Server, IBM DB2
Monitoring tools: Wily Introscope 8.x/9.x, Tivoli, BSM Topaz, Tivoli Performance Viewer, IBM Thread and Heap Analyzers
Networking: TCP/IP Protocols, Socket Programming, DNS.
Framework: MVC, J2EE Design Patterns, Struts.
IDE: Eclipse, RAD 7, NetBeans, EditPlus, TOAD
Others: SiteMinder r6/r12/r12.5, PingFederate 6.x/7.x
PROFESSIONAL EXPERIENCE
Confidential - Bloomington, IL
Splunk Administrator
Responsibilities:
- Installed, configured and administered Splunk Enterprise Server and Splunk Forwarder
- Created Splunk Apps using XML and Web Components. Knowledge of app creation, user and role access permissions.
- Created tags, Event types, field lookups, using regular expressions, aliases for search-time outputs and visualizations.
- Experience with Splunk search construction with ability to create well-structured search queries that minimize performance impact.
- Created Splunk app for Enterprise Security to identify and address emerging security threats through the use of continuous monitoring, alerting and analytics. Experience in working on Splunk Authentication methods, like LDAP Configuration, Creation of roles in Splunk.
- Worked with Splunk app for Enterprise Security to identify and address emerging security threats through the use of continuous monitoring, alerting and analytics.
- Created custom app configurations (deployment-apps) within SPLUNK to parse, index multiple types of log format.
- Experience with normalizing Log Data to CIM (Common Information Model) as required by Splunk ES (Enterprise Security) to meet the provided security use cases (Rules/Alert)
- Good Understanding of Splunk architecture, Knowledge about various components (indexer, forwarder, search head, deployment server).
- Setup Splunk Forwarders for new application tiers introduced into environment and existing applications.
- Built dashboards, views, alerts, reports, saved searches using XML, Advanced XML and Search Processing language (SPL) as and when required.
- Performed Field Extractions and Field Transformations using the Regular Expressions in Splunk.
- Good experience in building Splunk security analytics. Led logging enrollments from multi-tier applications into the enterprise logging platforms.
- Installed the Splunk Common Information Model add-on, which is packaged with Splunk Enterprise Security, Splunk IT Service Intelligence and the Splunk App for PCI Compliance.
- Worked with EVAL Functions to create new field during search run time.
- Provided inputs for identifying best-fit architectural solutions and deployment for the Splunk project. Monitored for application core dumps or forced thread dumps to check for system objects using a thread analyzer.
- Knowledge of Network Firewalls, Load-balancers, LDAP and complex network design.
- Involved in developing complex scripts to automate batch jobs; troubleshot and resolved Splunk performance, search pooling and log monitoring issues, role mapping, dashboard creation etc.
- Handled production issues and non-production issues and worked with application teams, database teams and networking teams to resolve the issues.
- Responsible for monitoring Linux/Unix infrastructure including Linux, Solaris and AIX. Performed Splunk indexer/search head upgrades and the installation and configuration of Splunk Apps.
- Created Shell Scripts to install Splunk Forwarders on all servers and configure with common configuration files such as Bootstrap scripts, Outputs.conf and Inputs.conf Files.
- Involved in Root cause analysis for the issues encountered. Provided on call support for all the production applications.
Confidential - Temple Terrace, FL
Splunk Engineer
Responsibilities:
- Created Splunk app for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting and analytics.
- Troubleshoot and tune Splunk deployment for servers, applications and network devices.
- Worked on large datasets to generate insights by using SPLUNK.
- Production error monitoring and root cause analysis using SPLUNK.
- Used VMware for cloud computing and Splunk virtualization services.
- Built dashboards and reports to show the login count of each application, which app resources are being accessed more, the number of failed logins, and statistics on high-hitting applications.
- Created Shell Scripts to install Splunk Forwarders on all servers and configure with common configuration files such as Outputs.conf and Inputs.conf files.
- Creation and implementation of shell scripts to take care of Splunk file backup, monitoring alert log and log rotation.
- Installation and configuration of own Apps to monitor system performance including Splunk internal logs.
- Involved in various phases of Software Development Life Cycle (SDLC) including Analysis, Design, Testing, Implementation and Maintenance.
- Created Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards
- Splunk Enterprise deployments; enabled continuous integration as part of configuration management.
- Splunk configuration involving different web applications and batch jobs; created saved searches, summary searches and a summary indexer.
- Creating and Managing Apps, Create user, role and Permissions to Knowledge objects.
- Installed and configured heavy, universal, and intermediate forwarders.
- Created data models and used report acceleration for faster searches.
- Splunk configuration involving different web applications and batch jobs; created saved searches, summary searches and summary indexes.
- Actively involved in trouble shooting issues.
- Experienced in installing, configuring and administering Splunk Enterprise Server and Splunk Forwarders in a large distributed environment comprising Windows and Linux, with exposure to various Splunk Apps to monitor Splunk deployments.
- Supported, monitored and managed the SIEM environment. Splunk administration and analytics development on information security, infrastructure and network, data security, the Splunk Enterprise Security app, event triage and incident analysis.
- Handled configuration of advanced dashboard creation and optimization.
- Resolved monitoring alerts for Solaris and AIX servers such as disk, CPU, swap and processes.
- Worked on migration projects involving migration from UNIX based platform to Linux.
- Helped in upgrading servers from RHEL 4.x to RHEL 5.x. Primary administration support for 600 Linux servers.
- Decommissioning applications from unused nodes and rebuilding them for new projects.
- Performed PXE based installations on IBM servers.
- Performed installation of new software packages, patches and upgrades.
- Created Splunk knowledge bundles, Forms/Views/Dashboards.
- Build-out of forwarders, software installations and upgrades, and upgrading Splunk as and when required using automation tools.
- Coordinated with various app support teams, training new hires, support team members.
Confidential
Splunk Engineer
Responsibilities:
- Dealt with Splunk Utilities (bucket rolling, User index creation and management, Sourcetype, forwarder log monitoring input and output configuration).
- Upgraded Splunk Enterprise from v6.2 to v6.5.2 in clustered and non-clustered environments.
- Set up Splunk Forwarders for new application tiers introduced into the environment and for existing applications. Worked closely with application teams to create new Splunk dashboards for operations teams.
- Created Cloud Tables, worked on correlation searches and created multiple KPI dashboards.
- Created Dashboards, report, scheduled searches and alerts.
- Experience in Splunk GUI development creating Splunk apps, searches, Data models, dashboards and Reports using the Splunk query language.
- Built custom Splunk Enterprise Security searches and visualizations in both Splunk Core and Splunk ITSI.
- Installed Forwarders for MDT and involved in data grooming to check that data is arriving clean in Splunk.
- Setup Splunk Forwarders for new application tiers introduced into environment and existing application.
- Testing new versions within DEV environments and conducting stress tests.
- Created an Active-Passive SPLUNK framework for fulfilling BCP requirements
- Used SPLUNK’s REST API in order to perform searches from various application interfaces.
- Configured Splunk forwarder to send unnecessary log events to “Null Queue” using props and transforms configurations to reduce license costs.
- Architected Splunk Environment in accordance with the client requirements.
- Manage Splunk and related hardware infrastructure, oversee production support, design the Splunk system to meet growth while maintaining a balance between performance, stability, and agility, and develop advanced scripts for the manipulation of multiple data repositories to support analyst requirements.
- Worked with Datacenter teams to resolve hardware issues and replace parts.
- Performed day-to-day activities related to monitoring, managing file space, log rotation, managing scheduled backups through TSM, and setting limits and kernel parameters.
- Co-ordinated with vendors, customer (users), managers to build systems and standards.
- Worked in various shifts to provide 24x7 support and on call support on weekends.
Confidential
Developer
Responsibilities:
- Created Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards
- Created role-based AD access for Splunk.
- Onboard new log sources with log analysis and parsing to enable SIEM correlation.
- Actively monitored jobs through alerting tools, responded with the appropriate action with respect to the logs, analysed the logs and escalated critical issues to higher-level teams.
- Developed Splunk infrastructure and related solutions as per automation tool sets.
- Provide regular support guidance to Splunk project teams on complex solution and issue resolution with the objective of ensuring best fit and high quality for Application teams.
- Knowledge of security threats and vulnerabilities and how to detect and mitigate them, experience in building security monitoring and incident management solutions using Splunk.
