Splunk Security/Administrator Resume
Scottsdale, AZ
SUMMARY:
- 8+ years of extensive experience in the IT industry, with years of experience as a Splunk Developer, Administrator and Architect and as a Linux/UNIX, PL/SQL and SQL DBA, on platforms consisting of Red Hat Linux, Windows, and Sun Solaris operating systems.
- Experience working on Splunk 5.x/6.x, Splunk Enterprise Security 4.x, Splunk DB Connect 1.x/2.x on distributed Splunk environments and clustered Splunk environments on Linux and Windows operating systems.
- Extensive experience in installation, configuration, migration, troubleshooting and maintenance of Splunk and Apache Web Server on different UNIX flavors like Linux.
- Experience in installing and using Splunk apps for UNIX and Linux (Splunknix).
- Experience in Splunk development creating Apps, Dashboards, Data Models, etc.
- Experience on Splunk Enterprise deployments; enabled continuous integration as part of configuration management.
- Experience in correlating events from a Network, OS, Anti-Virus, IDS/IPS, Firewalls or Proxies and analyzing them for possible threats.
- Experience with Splunk Searching and Reporting modules, Knowledge Objects, Administration, Dashboards, Clustering and Forwarder Management.
- Created and managed Splunk DB Connect identities, database connections, database inputs, outputs, lookups and access controls.
- Monitored database connection health by using Splunk DB Connect's health dashboards, JBoss and Apache Tomcat.
- Expertise in creating accurate reports, Dashboards, Visualizations and Pivot tables for the business users.
- Worked on Security solutions (SIEM) that enable organizations to detect, respond to and prevent threats by providing valuable context and visual insights that help make faster and smarter security decisions.
- Created Reports, Alerts and Dashboards using the Splunk query language. Experienced in creating and running Cron jobs for scheduled tasks.
- Managed a team of ArcSight engineers for the consulting practice to assist customers with the full portfolio of ArcSight products.
- Managed Indexer Clusters including security, hot and cold bucket management and retention policies.
- Parsing, Indexing and Searching concepts; Hot, Warm, Cold and Frozen bucketing.
- Monitored FireEye traffic scanning for malware threats from web and email traffic.
- Knowledge about Splunk architecture and various components (Indexer, forwarder, search head, deployment server).
- Experience with Splunk UI/GUI development and operations.
- Set indexing property configurations, including time zone offset, custom source type rules. Configure Regex transformations to perform on data inputs.
- Helping application teams in on-boarding Splunk and creating Dashboards, Alerts, Reports, etc. Experience in using and understanding complex RegEx (regular expressions).
- Various types of charts, alert settings; knowledge of app creation, user and role access permissions. Creating and managing Apps; creating users, roles and permissions to Knowledge objects.
- Field Extraction, Using IFX, Rex Command and RegEx in configuration files.
- Knowledge of the Extract keyword, Sed and Knowledge objects; knowledge of various search commands like stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table, etc.
- Timechart attributes such as Span and Bins, Tags, Event types; creating Dashboards and Reports using XML. Creating a Dashboard from a search; inline search vs. scheduled search in a Dashboard.
- Scripting and development skills using Perl and Python with strong knowledge of regular expressions.
- Excellent logical, analytical and debugging skills. Possesses high working qualities with good interpersonal skills; highly motivated, fast learner, good team player and very proactive in problem solving, providing the best solutions.
- Provided 24/7 on-call support for production, strong team player, good analytical skills.
TECHNICAL SKILLS:
Splunk Modules: Splunk 5.x/6.x, Splunk Enterprise Security 6.x, Splunk DB Connect 1.x/2.x, Splunk Cloud, Hunk, Splunk on Splunk, Splunk IT Service Intelligence, Splunk App for VMware, Splunk Web Framework
Application Servers: Oracle WebLogic Server 9.1/10.x,11g,12c, WebLogic Portal 10.x, JBoss 5.x/6.x/7.x, IBM WebSphere 6.x/7.x/8.x, Apache Tomcat 6.x/7.x.
Web Servers: Apache HTTP Server, Sun One (iPlanet) 6.0/ Sun One, IBM HTTP Web Server, IIS server
Operating Systems: Sun Solaris, Red Hat Linux, Windows 98/XP/Vista/7/8, UNIX, Linux.
Databases: Oracle 11g/10g, MySQL Server, DB2, MS Access
Languages: C, C++, Java, SQL and PL/SQL, Python.
Web Tools and Languages: JSP, Servlets, JDBC, JavaScript, WLST, Python, XML, HTML.
PROFESSIONAL EXPERIENCE:
Confidential, Scottsdale, AZ
Splunk Security/Administrator
Responsibilities:
- Installation and configuration of Splunk product at different environments.
- Upgraded Splunk Enterprise from v 6.2 to v 6.5.2 in clustered environments and non-clustered environments.
- Monitoring or analyzing the real-time events for the security devices like Firewall, IDS, Anti-Virus etc., using SIEM tools.
- Developed Splunk Dashboards, searches and reporting to support various internal clients in Security, IT Operations and Application Development.
- Analyzed security-based events, risks and reporting instances.
- Managed a team of ArcSight engineers for the consulting practice to assist customers with the full portfolio of ArcSight products.
- Correlating events from a Network, OS, Anti-Virus, IDS/IPS, Firewalls or Proxies and analyzing them for possible threats.
- Monitored FireEye traffic scanning for malware threats from web and email traffic.
- Understand and interpret customer requirements for Splunk implementation for an enterprise solution.
- Provide deployment strategies with the understanding of affordable risk based on customer acceptance.
- Develop dashboards with visual metrics for stakeholders.
- Maintain the overall Splunk solution to include maintenance, enhancements and integration.
- Created and configured management reports and dashboards.
- Planned, implemented, and managed Splunk for log management and analytics.
- Monitored security violations, flagged potential violations and logged security incidents in ServiceNow, protecting company data.
- Validate the existing rules and provide recommendation on fine tuning the rules.
- Creating and sending Risk Advisories to our clients and protecting clients' data.
- Suppress false positive alerts.
- Weekly/monthly incident analysis reports; analyzing the events and providing solutions for the incidents.
- Involved in setting up alerts for different types of errors, data enrichment using lookups, data interpretation using fields and field extraction, and data normalization using Tags.
- Worked on Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy & Universal forwarder, and License model.
- Good understanding of configuration files and their precedence, with daily work exposure to props.conf, transforms.conf, inputs.conf and outputs.conf, and setting up forwarder information based on requirements.
- Maintained Splunk Environment with multiple indexers; managed and configured settings.
- Improved search performance by configuring search heads for all indexes in production.
- Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
- Worked on getting data in and managing Splunk apps.
- Assisted internal users of Splunk in designing and maintaining production-quality dashboards.
- Splunk DB Connect 2.0 in search head cluster environments with Oracle.
- Installation and implementation of several kinds of visualizations in Splunk dashboards.
- Continuously monitored the alerts received through email to check that all the application servers and web servers are up.
- Knowledge of Parsing, Indexing and Searching concepts; Hot, Warm, Cold and Frozen bucketing.
- Assisted in various projects related to Bay Dynamics and CASB and ingested Splunk into their environment.
- Conducted surveillance on various phishing emails and created alerts for future spam.
- Worked as part of the Cyber Security Incident Response team to check on malware, viruses and threat emails. Developed Splunk Search Processing Language (SPL) queries; created Reports, Alerts and Dashboards and customized them. Implemented dynamic drilldowns that provide greater flexibility to the end user.
Environment: Splunk 6.x, Splunk DB Connect and other modules, Oracle WebLogic 9.x/10.x, Tomcat 5.x/6.x, Oracle 9i/10g, Solaris 10, LINUX, Sun ONE Directory Server 6, Sun One Web Server 6.0, Apache 2.x, Python
Confidential, Pleasanton, CA
Splunk Admin/Developer
Responsibilities:
- Installation and configuration of Splunk product at different environments.
- Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-ons, Dashboards, Clustering and Forwarder Management.
- Designing and maintaining production-quality Splunk dashboards.
- Developed Splunk Dashboards, searches and reporting to support various internal clients in Security, IT Operations and Application Development.
- Splunk Enterprise deployments; enabled continuous integration as part of configuration management.
- Worked on Security solutions (SIEM) that enable organizations to detect, respond to and prevent threats by providing valuable context and visual insights that help make faster and smarter security decisions.
- Configured and developed complex dashboards and reports on Splunk.
- Involved in Installation, Administration and Configuration of Splunk Enterprise and integration with local legacy systems.
- Splunk DB Connect 2.0 in search head cluster environments with Oracle.
- Experience with Splunk UI/GUI development and operations roles.
- Expertise in creating and customizing Splunk applications, searches and dashboards as desired by IT teams and business.
- Analyzed security-based events, risks and reporting instances.
- Drive complex deployments of Splunk dashboards and reports while working side by side with technical teams to solve their integration issues.
- Managed Indexer Clusters including security, hot and cold bucket management and retention policies.
- Setup and configuration of search head cluster with three search head nodes and managing the search head cluster with deployer.
- Independently identified opportunities to improve operational and other performance for Security, IT Operations and other clients.
- Responsible for documenting the current architectural configurations and detailed data flow and Troubleshooting Guides for application support.
- Splunk configuration involving different web applications and batch; created saved searches, summary searches and summary indexes.
- Various types of charts, alert settings, app creation, user and role access permissions.
- Creating and managing Apps; creating users, roles and permissions to Knowledge objects.
- Managing indexes and cluster indexes, Splunk web framework, data model and pivot tables.
- Hands on development experience in customizing Splunk dashboards, visualizations, configurations, reports and search capabilities using customized Splunk queries.
- Worked on Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.
- Good experience in Splunk, WLST, Shell scripting to automate and monitor the environment routine tasks.
Environment: Splunk 6.x, Splunk DB Connect and other modules, Oracle WebLogic 9.x/10.x, Tomcat 5.x/6.x, Oracle 9i/10g, Solaris 10, LINUX, Sun ONE Directory Server 6, Sun One Web Server 6.0, Apache 2.x, Python
Confidential, Atlanta, GA
Splunk Admin/Developer
Responsibilities:
- Installation and configuration of various components like indexer, forwarder, search head, deployment server, Universal and Heavy forwarder.
- Provided regular support and guidance to Splunk project teams on complex solutions and issue resolution.
- Helping application teams in on-boarding Splunk and creating dashboards/alerts/reports etc.
- Most of the time worked on installing Universal Forwarders, but we have Heavy Forwarders set up to see data from the syslog server side.
- Worked on installing Universal Forwarders and Heavy Forwarders to bring any kind of data fields into Splunk.
- Involved in admin activities and worked on inputs.conf, indexes.conf, props.conf and transforms.conf to set up time zone and timestamp extractions, complex event transformations and event breaking.
- Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
- Monitored database connection health by using Splunk DB Connect's health dashboards, JBoss and Apache Tomcat.
- Integrated ServiceNow with Splunk to consume alerts from Splunk and create ServiceNow tickets.
- Splunk DB Connect 2.0 in search head cluster environments with Oracle and MySQL.
- Involved in writing complex IFX, rex and multikv commands to extract fields from the log files.
- Created Dashboards for various types of business users in organization and worked on creating different Splunk Knowledge objects like Macros, IFX, Calculated fields, Tags, Event Types and Look ups.
- Field extraction using IFX, the rex command and RegEx in configuration files.
- Used techniques to optimize searches for better performance, and search-time field extractions; understanding of configuration files, their precedence and how they work.
- Troubleshooting of searches for performance issues by adding lookups, correct joins and using summary indexes.
- Performed troubleshooting and/or configuration changes to resolve Splunk integration issues.
- Scripting and development using Perl and Python.
- Creating and managing apps; creating users, roles and permissions to knowledge objects.
Environment: Splunk 6.x, Splunk DB Connect and other modules, Oracle 9i/10g, Solaris 10, Sun One Web Server 6.0, Apache 2.x, Python
Confidential, Minneapolis
Splunk Developer
Responsibilities:
- Involved in accessing and normalizing data from multiple sources to Splunk indexer.
- Gathering various sources of syslog and XML data from devices, applications, and databases.
- Perform daily health checks and maintain integrity of the production environment by proactively resolving service-impacting incidents.
- Setup Splunk Forwarders for new application tiers introduced into the environment and for existing applications.
- Work closely with Application Teams to create new Splunk dashboards for Operation teams.
- Identify patterns and trends that are indicators of routine problems.
- Troubleshooting and resolving Splunk performance and log monitoring issues, role mapping, dashboard creation, etc.
- Optimized Splunk for peak performance by splitting Splunk indexing and search activities across different machines.
- Using Search Processing Language (SPL) created Visualizations to get the value out of data.
- Managed Indexer Clusters including security, hot and cold bucket management and retention policies.
- Created EVAL Functions where necessary to create new field during search run time.
- Used IFX, rex and RegEx commands for field extraction.
- Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Regex, Dashboards, Clustering and Forwarder Management.
- Involved in writing complex IFX, rex and multikv commands to extract fields from the log files.
- Create Dashboards, Reports and Alerts for events and configure alert mail.
Environment: Splunk 6.0.1, Linux, UNIX, Oracle 11g, MS SQL Server 2012, SQL, XML, JavaScript
Confidential
SQL Developer
Responsibilities:
- Managing databases, tables, indexes, views, stored procedures.
- Enforcing business rules with triggers and user defined functions, troubleshooting, and replication.
- Writing the Stored Procedures, checking the code for efficiency.
- Maintenance and correction of Transact-SQL (T-SQL) statements.
- Daily Monitoring of the Database Performance and network issues.
- Administering the MS SQL Server by Creating User Logins with appropriate roles, dropping and locking the logins, monitoring the user accounts, creation of groups, granting the privileges to users and groups.
- SQL Authentication.
- Rebuilding indexes on various tables.
- Preparing Test Cases and performing Unit Testing.
- Review of Unit and Integration test cases.
- Production Implementation and Post Production Support.
Environment: MS SQL Server 6.5, SQL Server 7, MS SQL Server 2000.
Confidential
SQL Developer
Responsibilities:
- Responsible and active in the analysis, design, implementation and deployment of full Software Development Lifecycle (SDLC) of the project.
- Defined the search criteria and pulled out the record of the customer from the database. Make the required changes and save the updated record back to the database.
- Developed Struts action classes, action forms and performed action mapping using Struts framework and performed data validation in form of beans and action classes.
- Developed Stored Procedures, Functions, Packages and SQL Scripts using PL/SQL.
- Loaded the data into database tables using SQL*Loader from text and Excel files.
- Developed data model, SQL Queries, SQL Query tuning process and Schemas.
- Worked with BULK COLLECT to improve the performance of multi-row queries.
- Data loaded from legacy systems using PL/SQL and SQL*Loader.
- Developed Shell scripts to automate execution of SQL scripts that check incoming data against master tables, insert the valid data into the Customer Management System and the invalid data into error tables, which are sent back to the sender notifying them of the errors.
- Involved in logical modeling and physical modeling of application.
Environment: Oracle 10g/9i, SQL, PL/SQL, SQL*Loader, MS Access, UNIX Shell script, TOAD, Oracle Forms 10g, Reports 10g, UNIX, Windows XP/2000.