
Splunk Admin Resume


SUMMARY

  • 9 years of strong experience as a Splunk Administrator/Developer and in software analysis, design and development for various software applications, providing Business Intelligence solutions in data warehousing for Decision Support Systems, and database application development.
  • Expert in extracting, transforming, analyzing, visualizing, and presenting data from diverse business areas in novel and insightful ways to enable Directors, Vice Presidents, and C-level executives to take informed action.
  • Experience in using configuration management tools such as Puppet and Chef to manage servers and automate scripts.
  • Splunk Certified Admin (8.x/8.3) and Splunk Certified Power User (8.x/8.3).
  • Certified Sumo Power Admin, Sumo Pro User, and Certified Sumo Power User.
  • Certified AWS Technical Professional.
  • Certified Information Security Expert (CISE-Level: 1).
  • Excellent experience in Operational Intelligence using Splunk 8.x/7.x/6.x.
  • POCs with the Confluent Schema Registry, REST Proxy, and Kafka Connectors for Cassandra and HDFS (Hadoop 2.0).
  • Strong experience in all facets of the SDLC, viz. requirement analysis, design, development, testing, and post-implementation revisions (Agile/Scrum/Waterfall).
  • Experience in scripting languages such as Python, Shell and Perl to automate log rotation, onboard data from various application teams, and reload deployment servers.
  • Expertise in developing proofs of concept (POCs) for Splunk Enterprise Security (ES) implementation; mentored and guided the security team on understanding the use cases in Splunk.
  • Experience in providing monitoring and response to security events for the Security Operations Center (SOC) team.
  • Experience working with Splunk authentication and permissions, and significant experience supporting large-scale Splunk deployments.
  • Expert in installing Splunk apps in Linux and UNIX environments.
  • Experience in creating and developing Splunk configuration files (props.conf, transforms.conf, inputs.conf, outputs.conf, authentication.conf, authorize.conf).
  • Experience in Big Data and familiarity with components of the Hadoop ecosystem: HDFS, Hive, HBase and Pig.
  • Expertise in Hadoop application development and integration into Splunk.
  • Good knowledge of Splunk architecture and its components (indexer, forwarder, search head, deployment server), heavy and universal forwarders, and the license model.
  • Expertise in preparing, arranging and testing Splunk search strings and operational strings.
  • Extensive experience in deploying, configuring, and administering Splunk clusters.
  • Experience in developing Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
  • Experience working with Change/Incident Management teams to apply changes to existing servers and onboard new data to Splunk servers.
  • Extensive knowledge in creating Actuate reports using XML, dashboards, visualizations and pivot tables for business users.
  • Excellent written, analytical, coordination, interpersonal, leadership, organizational and problem-solving skills; ability to adapt, learn new technologies and become proficient in them very quickly.

TECHNICAL SKILLS

Log Management / Monitoring Tools: Splunk and Splunk ES, Splunk on Splunk, Splunk DB Connect 2, Splunk Cloud, Splunk IT Service Intelligence, Splunk Web Framework, and Nagios

Security / Vulnerability Tools: CrowdStrike, Palo Alto, McAfee, Check Point, Cisco Sourcefire, Nessus, Rapid7 and Proofpoint

Remote Tools: PuTTY, mRemoteNG

Ticketing Tools: Jira, Archer, ServiceNow, IBM Resilient

Operating Systems and Languages: Windows 7/8/10, Red Hat Linux, CentOS, AWS, Python, JavaScript

SIEM (working knowledge): IBM QRadar / ArcSight

PROFESSIONAL EXPERIENCE

Splunk Admin

Confidential

Responsibilities:

  • Created SQL*Loader scripts to load data from flat files into the database and created external tables to manage data stored at the OS level.
  • Worked with Splunk DB Connect 2.0 in search head cluster environments with Oracle.
  • Created the Splunk App for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting and analytics.
  • Worked on Amazon AWS, configuring and launching Linux and Windows server instances for Splunk deployment.
  • Built dashboards and reports showing the login count of each application, which app resources are accessed most, the number of failed logins, and statistics on heavily hit applications.
  • Prepared, arranged and tested Splunk search strings and operational strings.
  • Created shell scripts to install Splunk forwarders on all servers and configure them with common configuration files such as outputs.conf and inputs.conf.
  • Performed daily log reviews of Possible NOW's security infrastructure, including firewalls, security gateways, systems, network, Splunk, etc.
  • Used AppDynamics to check application performance data.
  • Used AWS to collect detailed billing data and perform in-depth analysis of Amazon web servers.
  • Worked with SIEM (security information and event management); managed Splunk user accounts (create, delete, modify, etc.); scripted SQL queries for use with Splunk.
  • Interpreted and developed SIEM products to meet internal, external and customer requirements.
  • Developed, implemented, and executed standard procedures for the administration, content management, change management, version/patch management, and lifecycle management of the SIEM/log management platforms.
  • Installed Splunk Enterprise, Splunk forwarders, Splunk indexers and apps on multiple servers (Windows and Linux) with automation.
  • Monitored Splunk infrastructure for capacity planning, system health, availability, and optimization.
  • Splunk Enterprise deployments; enabled continuous integration as part of configuration management.
  • Maintained current functional and technical knowledge of the Splunk platform and future products.
  • Managed the Splunk Deployment Server for distributing configurations, apps, and content updates to groups of Splunk Enterprise instances.
  • Developed end-to-end data processing pipelines that begin with receiving data using distributed messaging systems (Kafka) through persistence of data into HBase.
  • Implemented Spring Boot microservices to process messages into the Kafka cluster.
  • Worked closely with the Kafka admin team to set up Kafka clusters in the QA and production environments.
  • Had knowledge of Kibana and Elasticsearch to identify Kafka message failure scenarios.
  • Implemented Kafka producer and consumer applications on the Kafka cluster with the help of ZooKeeper.
  • Ability to create, decode and debug complex Splunk queries.
  • Managed indexes and clustered indexes, Splunk Web Framework, data models and pivot tables.
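
The forwarder roll-out described above (install scripts pushing a common outputs.conf and inputs.conf, with a deployment server handing out updates) is easiest to get right if the configuration is generated from one script rather than hand-edited per host. The following is an added example, not a script from this resume or its author: it builds a universal forwarder deployment app from a shell function and then checks that the result sends events over TLS with the receiver's certificate verified. The app name `uf_base`, the hostnames `idx1.example.internal` / `ds.example.internal`, and the certificate paths under `$SPLUNK_HOME/etc/auth/mycerts` are all assumptions for the illustration.

```shell
#!/bin/sh
# Added example: generate a Splunk universal-forwarder deployment app.
# Assumed for illustration: app name "uf_base", the indexer/deployment-server
# hostnames passed in, and the CA/client cert paths under etc/auth/mycerts.

write_uf_app() {
  app_dir="$1"   # e.g. /opt/splunkforwarder/etc/apps/uf_base
  indexers="$2"  # comma-separated host:port list (receiving port, usually 9997)
  ds="$3"        # deployment server host:port (management port, usually 8089)
  mkdir -p "$app_dir/local"

  # outputs.conf: TLS to the indexers, and verify the indexer certificate
  # so the forwarder cannot be redirected to a rogue receiver; useACK
  # protects against silent loss of events in transit.
  cat > "$app_dir/local/outputs.conf" <<EOF
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = $indexers
useSSL = true
clientCert = \$SPLUNK_HOME/etc/auth/mycerts/forwarder.pem
sslVerifyServerCert = true
useACK = true
EOF

  # server.conf: the CA that the indexer certificate must chain to.
  cat > "$app_dir/local/server.conf" <<'EOF'
[sslConfig]
sslRootCAPath = $SPLUNK_HOME/etc/auth/mycerts/ca.pem
EOF

  # inputs.conf: OS security log and syslog, each tagged with index and
  # sourcetype so indexer-side parsing rules and role-based index access apply.
  cat > "$app_dir/local/inputs.conf" <<'EOF'
[monitor:///var/log/secure]
sourcetype = linux_secure
index = os
disabled = 0

[monitor:///var/log/messages]
sourcetype = syslog
index = os
disabled = 0
EOF

  # deploymentclient.conf: phone home so later changes are pushed centrally.
  cat > "$app_dir/local/deploymentclient.conf" <<EOF
[deployment-client]
clientName = $(uname -n)

[target-broker:deploymentServer]
targetUri = $ds
EOF

  # props.conf: explicit event breaking and timestamp format for the
  # sourcetype. A universal forwarder does not parse, so this stanza takes
  # effect on the parsing tier (indexer or heavy forwarder); it lives in the
  # same app so one deployment carries the whole sourcetype definition.
  cat > "$app_dir/local/props.conf" <<'EOF'
[linux_secure]
SHOULD_LINEMERGE = false
LINE_BREAKER = ([\r\n]+)
TIME_PREFIX = ^
TIME_FORMAT = %b %d %H:%M:%S
MAX_TIMESTAMP_LOOKAHEAD = 15
TRUNCATE = 10000
EOF
}

# Pre-flight check before the app is pushed: fail if outputs.conf would send
# events in the clear or accept whatever certificate the receiver presents.
check_uf_app() {
  f="$1/local/outputs.conf"
  grep -q '^useSSL = true$' "$f" && grep -q '^sslVerifyServerCert = true$' "$f"
}

# Stand-alone demo: write the app into a temp dir and verify it.
demo_dir="$(mktemp -d)/uf_base"
write_uf_app "$demo_dir" "idx1.example.internal:9997,idx2.example.internal:9997" "ds.example.internal:8089"
check_uf_app "$demo_dir" && echo "uf_base written to $demo_dir"
```

In a real roll-out the generated directory is copied into the deployment server's `deployment-apps` and assigned to a server class; the `check_uf_app` gate is the kind of thing to run in CI on every change, since a forwarder that silently falls back to plaintext or skips certificate verification is hard to spot from the indexer side.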

Environment: Splunk 6.x, Splunk Enterprise, Splunk modules, Splunk DB Connect, WebLogic Server 8.x/9.x/10.x/11g, Tomcat 6.x, Apache 2.x, Solaris 10, Oracle 11g/10g, Me, version control (SVN, Git), web services, SSL, SIEM

Splunk Admin/Developer

Confidential, New Jersey

Responsibilities:

  • Installed and maintained Splunk add-ons including DB Connect 1 and Active Directory/LDAP for working with the directory and SQL databases.
  • Installed HTTPS certificates for Splunk.
  • Played a major role in understanding the logs and server data and providing insight into the data for users.
  • Collected data from various sources. Installed forwarders, indexers and search heads on the servers.
  • Performed field extractions for log files, extracting complex fields from different types of log files using regular expressions.
  • Configured LDAP. Developed custom app configurations (deployment-apps) within Splunk.
  • Managed Confluence users, permissions and user directories. Configured all settings required for Splunk.
  • Created eval functions where necessary to create new fields at search run time.
  • Defined KPIs for ITSI, alerts, glass tables and KPI base searches. Backed up the ITSI configuration. Worked on applications such as DB Connect, Firebridage, ITSI and add-ons.
  • Worked on DB Connect configuration for Oracle and MySQL. Configured the Distributed Management Console (DMC).

Environment: Splunk, LDAP, MySQL, Linux, Bash, Perl, HBase, Hive, Pig, Oracle 11g, MS SQL Server 2012, TFS, SVN.

Splunk Developer

Confidential, SanAntonio TX

Responsibilities:

  • Built many proof-of-concept dashboards for IT operations and service owners, used to monitor application and server health.
  • Expert in analyzing security-related logs from various sources using a SIEM system that creates alerts whenever it detects anomalous transactions and also blocks malicious activities.
  • Maintenance of the Splunk environment with multiple indexers.
  • Played a major role in understanding the logs and server data and providing insight into the data for users.
  • Managed Splunk universal forwarder deployment and configuration; monitored and maintained Splunk performance and optimization after deployment.
  • Developed complex dashboards to monitor, manage and track traffic volume, response times, errors and warnings across various data centers, applications and servers.
  • Helped integrate Splunk with ServiceNow; maintained the Splunk instance and monitored the health of the cluster.
  • Configured and maintained hot, warm and cold buckets according to data retention requirements.
  • Configured and automated Splunk configuration files such as props.conf, transforms.conf, inputs.conf and outputs.conf settings; managed props files for event breaking and timestamp matching.
  • Responsible for daily security checks: monitoring unsuccessful logons, monitoring inactive users and locking inactive users in the production system, i.e. daily health checks.
  • Checked for suspicious behavior, compromised accounts and remote account takeover using User Behavior Analytics.
  • Set up Splunk to capture and analyze data from various layers: load balancers, web servers and application servers.
  • Involved in setting up alerts for different types of errors; analyzed security-based events, risks and reporting instances.
  • Designed core scripts to automate Splunk maintenance and alerting tasks.
  • Migrated some of the servers to the Elasticsearch tool for monitoring server health.
  • Worked with administrators to ensure Splunk is actively and accurately running and monitoring the current infrastructure implementation.
  • Various chart types and alert settings; knowledge of app creation and user and role access permissions. Created and managed apps; created users, roles and permissions for knowledge objects.
  • Experience working with Splunk authentication and permissions, and significant experience supporting large-scale Splunk deployments.
  • Used the Splunk DB Connect application to associate and integrate unstructured data from web logs, syslogs and access logs with structured data from the firm's Microsoft SQL Server database, providing the firm with meaningful context and business insight.
  • Deployed Splunk Enterprise on AWS to gain real-time visibility across AWS and the entire IT environment.
  • Analyzed FACETS for group information, enrolling subscribers, adding members, related entities, class/plan definitions and premium rate tables.
  • Helped the UNIX and Splunk administrators deploy Splunk across the UNIX and Windows environments.
  • Created dashboards from searches; scheduled searches; inline search vs. scheduled search in a dashboard.
  • Generated Splunk Search Processing Language (SPL) queries and reports, constructed dashboards using XML, and arranged and tested Splunk search strings and operational strings.
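
Two of the recurring tasks above, regex field extraction from log files (earlier role) and the daily check on unsuccessful logons (this role), come down to the same thing: a capture-group regex over the auth log, then a count per user and per source with a threshold. The following is an added example, not from this resume or its author, that runs that logic offline in plain shell over a handful of constructed sshd lines. The regex is the one that would be placed in a transforms.conf `REGEX` (or used inline with `rex`); the hostnames, addresses and accounts in the sample lines are made up.

```shell
#!/bin/sh
# Added example: extract user and source IP from sshd "Failed password"
# events and apply a per-source threshold of the kind a scheduled alert uses.
# The log lines below are constructed test data, not real logs.
SAMPLE_LOG="$(mktemp)"
cat > "$SAMPLE_LOG" <<'EOF'
Mar  3 10:01:02 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51012 ssh2
Mar  3 10:01:04 web01 sshd[2101]: Failed password for root from 203.0.113.7 port 51014 ssh2
Mar  3 10:01:09 web01 sshd[2105]: Failed password for invalid user admin from 203.0.113.7 port 51020 ssh2
Mar  3 10:02:15 web01 sshd[2110]: Accepted publickey for deploy from 198.51.100.20 port 40022 ssh2
Mar  3 10:03:31 web01 sshd[2118]: Failed password for alice from 198.51.100.20 port 40030 ssh2
Mar  3 10:03:40 web01 sshd[2118]: Accepted password for alice from 198.51.100.20 port 40030 ssh2
Mar  3 10:05:00 web01 sshd[2130]: Failed password for root from 203.0.113.7 port 51050 ssh2
EOF

# Same expression as a transforms.conf stanza would carry
# (REGEX = <this>, FORMAT = user::$2 src::$3) or `| rex "<this>"`.
# The "invalid user " prefix is optional: sshd adds it for accounts that
# do not exist, and a regex without the optional group misses exactly the
# guesses a brute-forcer makes most.
FAILED_RE='Failed password for (invalid user )?([^ ]+) from ([0-9.]+) port'

# Print "user src" for every failed-login event in FILE.
extract_failed() {
  sed -nE "s/.*${FAILED_RE}.*/\2 \3/p" "$1"
}

# Number of failed logins for USER in FILE (0 when none).
count_failed() {
  extract_failed "$2" | awk -v u="$1" '$1 == u { n++ } END { print n + 0 }'
}

# Equivalent of `| stats count by user, src`: prints "user src count".
failed_by_user_src() {
  extract_failed "$1" | sort | uniq -c | awk '{ print $2, $3, $1 }'
}

# Alert condition, like `| stats count by src | where count >= N`:
# prints "src count" for each source at or above THRESHOLD failures.
brute_force_sources() {
  extract_failed "$2" \
    | awk -v t="$1" '{ c[$2]++ } END { for (s in c) if (c[s] >= t) print s, c[s] }' \
    | sort
}

echo "failed logins by user and source:"
failed_by_user_src "$SAMPLE_LOG"
echo "sources at or above 3 failures:"
brute_force_sources 3 "$SAMPLE_LOG"
```

Counting by source rather than only by user is what separates a password-spray (one source, many accounts, each below any per-user threshold) from a user who mistyped a password; the per-user count alone would never fire on the `admin` guess above. In Splunk the same two views are `stats count by user` and `stats count by src` over the extracted fields.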

Environment: Splunk 4.3/5.0/6.0/6.1, Tomcat 6.0, IBM HTTP Server, Splunk Enterprise Security, Splunk UBA, Apache 2.0, Solaris 10, Windows 2008, Oracle 11g/10g, web services, LDAP, AWS, HTML, XML, SSL, JDBC, Datameer, Linux, Bash, Perl, HAWQ, sed, rex, erex, Splunk knowledge objects, Python.
