Senior Splunk Consultant Resume

Livonia, MI

SUMMARY

  • 10+ years of experience in designing, developing and delivering automation projects using Splunk, ETL & SQL.
  • Experience as Splunk Admin/Developer, performed activities including requirement analysis, design and implementation of various client-server-based applications using Splunk 5.x, Splunk 6.x.
  • Expertise in customizing Splunk for Monitoring, Application Management and Security as per customer requirements and industry best practice.
  • Expert in analyzing data, correlating trends, building reports and report writing.
  • Expertise with the usage of various search commands like stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table etc.
  • Experience in using Regular Expressions.
  • Managed Indexer Clusters including security, hot and cold bucket management and retention policies. Used techniques to optimize searches for better performance, search-time vs index-time field extraction, and understanding of configuration files, precedence and working of props.conf, transforms.conf, inputs.conf and outputs.conf; setting up a forwarder monitor stanza in inputs.conf.
  • Involved in helping the UNIX and Splunk administrators to deploy Splunk across the UNIX and windows environment.
  • Expert in installing, configuring and administering Splunk Enterprise Server, Splunk Universal Forwarder and Splunk Heavy Forwarder in large distributed environments comprising Windows, Red Hat, Solaris and AIX, with exposure to various Splunk Apps to monitor Splunk deployments.
  • Install and configure Splunk DB Connect and support of syslog-ng and rsyslog and Security Operation Centre (SOC).
  • Perform Enterprise Linux tasks as they pertain to supporting the Splunk application.
  • Experience in Quality Assurance, Test Automation, Synthetic Monitoring and Mobile Device Management. Experienced in all data processing phases, from the Enterprise Model, Data Model (Logical and Physical Model), and Data Warehousing (ETL).
  • Experience in Big Data and familiar with components of Hadoop Ecosystem: HDFS, HAWQ, Hive, HBase, Pig.
  • Normalization of fields and defining the event types using CIM (Common Information Model). Extensive experience in writing Packages, Stored Procedures, Functions and Database Triggers using PL/SQL and UNIX Shell scripts. Also handled Oracle utilities like SQL Loader, import etc.
  • Extensive Data Warehouse experience using Informatica 7/8.x/9 Power Center tools (Source Analyzer, Mapping Designer, Mapplet Designer, Transformation Designer, Repository Manager, and Server Manager) as ETL tool on Oracle /DB2 Database.
  • Worked with SIEM team monitoring notable events through Splunk ES. Experienced in Data Extraction, Transforming and Loading (ETL) between Homogenous and Heterogeneous Systems using SQL Server tools like SSIS, DTS, Bulk Insert, BCP and XML, Data loss prevention.
  • Working knowledge of data warehouse techniques and practices, experience including ETL processes, dimensional data modeling (Star Schema, Snowflake Schema, FACT & Dimension Tables), OLTP and OLAP.
  • Strong experience using SQL, PL/SQL, NoSQL Procedures/Functions, Triggers and Packages. Very good understanding of software development life-cycle (SDLC) process and OSI Model. Experience in SIEM, CIM and CLI commands.
  • Experience in various BI Tools like TIBCO Jaspersoft, Tableau for designing customized interactive and advanced rich visualization dashboards using connectors, extensions, filters, parameters, calculations. Worked closely with the architect and team in designing, developing and implementing the logical and physical model for the Data Mart.
  • Experience in different team projects with good project implementation experience, team skills, troubleshooting, presentation abilities and issue resolution capabilities.

TECHNICAL SKILLS

  • Splunk Modules: Splunk 5.x/6x, Splunk DB Connect 1.x, 2.x, Splunk Enterprise security, Splunk on Splunk, Splunk App for VMware, Splunk Web Framework, Splunk IT Service Intelligence
  • Operating Systems: Red Hat Linux (4.x, 5.x, 6.x), Unix, Windows XP/2003/7/8/10, Solaris (8, 9, 10)
  • Web Servers: Oracle HTTP Server, Apache Tomcat, MS IIS server 5.1/6.0, IBM HTTP, IIS server
  • Application Servers: Oracle WebLogic Server 8.x/9.x/10.x, JBoss 5.x/6.x, Oracle SOA Suite 11g
  • Tools: Splunk 5x/6x Is 5.1 .5.3 6.1.3, 6.2.3, 6.3, Oracle 11g/10g/9i/8i/7.3 TOAD, SQL Loader, TOAD 10.6.
  • Databases: Oracle, MYSQL SERVER, MS Access, AWS and Azure Clouds.
  • Languages: SPL, C, C++, Basic JAVA, SQL, XML, Hadoop and PL/SQL.
  • Scripting Languages: Perl, Python, Ruby, Linux shell scripts, UNIX Shell Scripting (Bourne, C and Bash)
  • Web Services: SOAP and REST, WebSphere Application Server 8.x/7.x/6.x/5.x
  • Networking & Protocols: FireEye, TCP/IP, HTTP, HTTPS, SME, LDAP, NIST, Firewall, VMware, SNMP, LDAP, SDLC, DNS, DHCP, DNS, NAT, SIEM, ELK, ITSI.

PROFESSIONAL EXPERIENCE

Senior Splunk Consultant

Confidential - Livonia, MI

Responsibilities:

  • Expertise in Actuate Reporting, development, deployment, management and performance tuning of Actuate reports.
  • Provide regular support guidance to Splunk project teams on complex solution and issue resolution. Created Dashboards, report, scheduled searches and alerts using XML. Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.
  • Integrated ServiceNow with Splunk to generate the Incidents from Splunk. Worked on DB Connect configuration for Oracle, MySQL and MSSQL. Created many of the proof-of-concept dashboards for IT operations and service owners, which are used to monitor application and server health.
  • Created HTML dashboards with JavaScript and CSS to create customized visualizations. Installed and configured DB Connect plug-in to get the data from Oracle, MySQL and MSSQL. Field extraction using IFX, rex command and regex in configuration files.
  • Various types of charts and alert settings. Knowledge of app creation, user and role access permissions. Creating and managing apps, creating users, roles and permissions to knowledge objects. Parsing, indexing and searching concepts; hot, warm, cold and frozen bucketing.
  • Configure Clustering EJB objects, JDBC connections and JMS connection factories. Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
  • Worked on setting up Splunk to capture, analyze data in Confidential online Banking. Set up Splunk to capture and analyze data from various layers Load Balancers, Web servers and application servers.
  • Captured data from various front end, middle ware application. Dashboards were created to monitor the traffic volume across, response times, Errors, Warnings across. Maintain, grow and improve the TVX Splunk environment.
  • Use techniques to optimize searches for better performance, Search time vs Index time field extraction. And understanding of configuration files, precedence and working.
  • Create dashboard from search, scheduled searches, inline search vs scheduled search in a dashboard. Expertise in using Amazon AWS API tools like: Linux Command line, puppet integrated AWS API tools. Expertise with SIEM and log sources and SME.
  • Prepared, arranged and tested Splunk search strings and operational strings. Developed, evaluated and documented specific metrics for management purpose. Using SPL created Visualizations to get the value out of data.
  • Monitor for fraud patterns in claims by correlating with past profiles, internal and external fraud knowledgebase. Involved in assisting offshore members to understand the use case of business. Assisted internal users of Splunk in designing and maintaining production-quality dashboard. Installed, configured and managed Decameter users on the Hadoop cluster.
  • Involved in writing complex IFX, rex and multikv commands to extract the fields from the log files. Worked on DB Connect configuration for Oracle, MySQL, MSSQL, NoSQL.
  • Developing custom web application solutions for internal ticket metrics reporting. Experience in implementation of log management, analysis solutions.

Environment: Splunk 6.0, pivotal HD, Splunk Enterprise security, windows, Splunk knowledge objects, Python, Rest APIS, SDKS, SIEM, AWS, NoSQL

Senior Splunk Developer/ Administrator

Confidential - Atlanta, GA

Responsibilities:

  • Provide regular support guidance to Splunk project teams on complex solution and issue resolution. Involved as a Splunk Admin in capturing, analysing and monitoring front end and middle ware applications.
  • As part of SIEM, monitored notable events through Splunk Enterprise Security (Using V3.0). Expertise with Splunk UI/GUI development and operations roles.
  • Integrated real-time data between Splunk Enterprise and databases by using DB Connect app. Created many of the proof-of-concept dashboards for IT operations and service owners, which are used to monitor application and server health.
  • Helped team on-board data, create various knowledge objects, install and maintain the Splunk Apps and TAs; good knowledge of JavaScript for advanced UI as well as Python for advanced backend integrations. Generated Shell Scripts to install Splunk Forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf files.
  • On-board new log sources with log analysis and parsing to enable SIEM correlation. Configuration of inputs.conf and outputs.conf to pull the XML-based events to Splunk cloud indexer. Parsing, indexing and searching concepts; hot, warm, cold and frozen bucketing and Splunk clustering. Setup and configuration of search head cluster with three search head nodes and managing the search head cluster with deployer.
  • Involved in standardizing Splunk forwarder deployment, configuration and maintenance across Linux and Windows platforms.
  • Worked on setting up Splunk to capture and analyse data from various layers: Load Balancers, Web servers and application servers. Very good understanding of software development life-cycle (SDLC) process. Followed Agile scrum and story maps for dev tracking.
  • Supporting and monitoring Splunk cluster infrastructure in AWS cloud environment. Scripted SQL Queries in accordance with the Splunk. Created many of the proof-of-concept dashboards for IT operations and service owners, which are used to monitor application and server health.
  • Various types of charts and alert settings. Knowledge of app creation, user and role access permissions. Creating and managing apps, creating users, roles and permissions to knowledge objects. Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.
  • Created Dashboards, Data models, reports, scheduled searches and alerts. Field extraction using IFX, rex, sed command and regex in configuration files. Automated reports and alerts to monitor the applications, tools and services proactively. Configuring and setting up different host boxes on Ops view and site scope with hashtags. Proactively monitoring and troubleshooting the different host boxes on Ops view.

Environment: Splunk 6.2, 6.3.5, Linux, Site scope, Ops View, Service now, Linux and UNIX Servers, SQL Server 2008

Security Splunk Engineer

Confidential - Culpeper, VA

Responsibilities:

  • Experience in implementing Splunk 5.x and 6.x in production, Distributed Splunk architecture and components including heads, indexers and forwarders etc.
  • Hands-on experience in installing and using Splunk apps for UNIX and Linux (Splunk nix). Worked on several security-related use cases and have been a part of security team. Created various dashboards for Security operations to monitor LDAP and IAM applications.
  • Complete deployment of Search Head Clusters in different environments, including migration of existing Search Head pooling (simultaneously cut over from current Search Head's instead of creating from scratch).
  • Experience in configuring rsyslog & syslog-ng and also with Regular Expressions. Created Splunk app for Enterprise Security to identify and address emerging security threats through the use of continuous monitoring, alerting and analytics. Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.
  • Use techniques to optimize searches for better performance, search-time vs index-time field extraction. And understanding of configuration files, precedence and working.

Environment: Splunk 6.x, Splunk ES 4.2, Splunk DB Connect and other modules, Oracle WebLogic 9.x/10.x, JBoss 5.x/6.x, Tomcat 5.x/6.x, Oracle 9i/10g, Solaris 10, LINUX, Apache 2.x, Python, ANT, AWK, IIS, Integrity SiteMinder Policy Server 5.5/6.0, LDAP.