United States Enterprise Security

Location:
Pinckney, MI
Posted:
February 28, 2024

Resume:

Shiva

Splunk Admin/Developer

Ph.no: +1-720-***-****.

Allen Park, Michigan, United States

ad3y1a@r.postjobfree.com

linkedin.com/in/shiva-m-a987b117a

Splunk Enterprise Security Certified Admin.

PROFESSIONAL SUMMARY:

IT professional with around 8 years of experience working with Splunk (Splunk Enterprise, Splunk DB Connect), configuring, implementing, and supporting Splunk server infrastructure across AWS cloud, Windows, UNIX, and Linux.

Extensive knowledge of Splunk architecture and various components. Passionate about Machine data and operational Intelligence.

Strong experience with Splunk 8.x, 7.x, 6.x and 5.x products and with distributed Splunk architecture and components including search heads, indexers, and forwarders.

Experience in Operational Intelligence using Splunk.

Headed Proof-of-Concepts (POC) on Splunk ES implementation; mentored and guided other team members on understanding the use cases of Splunk.

Expertise in customizing Splunk for Monitoring, Application Management and Security as per customer requirements and industry best practice.

Expertise in installation, configuration, migration, troubleshooting and maintenance of Splunk. Passionate about machine data and operational intelligence.

Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.

Expert in installing and configuring Splunk forwarders on Linux, Unix, and Windows.

Expert in installing and using Splunk apps for Windows, Unix, and Linux Logs.

Knowledge of configuration files in Splunk (props.conf, transforms.conf, outputs.conf).

Worked on large datasets to generate insights by using Splunk.

Production error monitoring and root cause analysis using Splunk.

Install, configure, and administer Splunk Cloud Environment 6.x and Splunk Forwarder 6.x on Windows Servers.

Used Splunk and ELK (Elastic Stack) for log errors and any other kind of log analytics.

Supported Splunk Cloud with 3 indexers and 120 forwarders, generating 300 GB of data per day.

Involved in standardizing SPLUNK forwarder deployment, configuration, and maintenance across Windows Servers.

Configured inputs.conf and outputs.conf to pull the XML based events to SPLUNK Indexer.

Debug Splunk related and integration issues.

Installed Splunk on *nix and Splunk SOS, and maintained the Splunk instance for monitoring the health of the clusters.

Integrated the Splunk Web console with the Splunk Mobile App using the Mobile Access Server add-on.

Build, customize and deploy Splunk apps for internal customers.

Splunk UI experience and able to debug expensive search queries.

Configured Clusters for load balancing and fail over solutions.

Implemented a Log Viewer Dashboard as a replacement for an existing tool to view logs across multiple applications hosted on a PaaS setup.

Create Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards.

Ability to provide engineering expertise and assistance to the Splunk user community. Advanced Splunk Search Processing Language (SPL) skills.

Extensively used various extraction keywords and search commands such as stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table, etc.

Good knowledge of Splunk searching and reporting modules, knowledge objects, administration, add-ons, dashboards, clustering and forwarder management.

Created and managed Splunk DB Connect identities, database connections, database inputs, outputs, lookups and access controls.

IPv6/IPv4 routing, subnetting, and network routing technologies.

Timechart attributes such as span and bins; tags, event types, scheduled searches, and inline search vs. scheduled search in a dashboard.

Designed, developed, and implemented multi-tiered Splunk log collection solutions.

Installed, configured, and administered JBoss Application server 5.0, 7.0 in various environments.

Installed, configured, and administered Web Servers like Apache 2.x HTTP Server, Apache Tomcat 6.x, Sun One 6.x Web Server, and Microsoft IIS Server for WebLogic plug-ins.

Strong experience with web/application servers like Apache Tomcat, Jetty, JBoss, IBM WebSphere, WebLogic.

Strong experience using SQL, PL/SQL Procedures/Functions, Triggers and Packages.

Creating accurate reports, dashboards, visualizations, Elasticsearch queries, and pivot tables for the business users.

TECHNICAL SKILLS:

Languages

SPL, Java, Python, PHP, Shell, SQL, C#, C++.

Splunk Modules

Splunk 8.x/7.x/6.x, Splunk Enterprise Security, Splunk IT Service Intelligence, Machine Learning Toolkit, Splunk DB Connect, Splunk Cloud, Splunk Web Framework.

Web Technologies

HTML5, CSS3, JavaScript, AngularJS, XML.

Tools/ Web Servers

Apache Web Server, Jenkins, Maven, Tomcat 5.4/4.x, Microsoft Word, PowerPoint, Excel, Microsoft Project, Wireshark, PuTTY, Jira, WebLogic.

Operating Systems

Linux, UNIX, Mac, Windows 98/2000/NT/XP/Vista/7, Red Hat Linux, Windows Server 2003/2008 R2, VMware, AWS.

Database

Oracle 9i/10g, MySQL, NoSQL (MongoDB), SQL queries, IBM DB2, BigQuery.

Monitoring Tools

Wily Introscope 8.x/9.x, Tivoli, BSM Topaz, Tivoli Performance Viewer, IBM Thread and Heap Analyzers.

Bare Metal Configuration

PXE, DHCP, DNS.

Data Analysis

Requirement Analysis, Business Analysis, Risk Assessment / Impact Analysis.

Concepts

Enterprise Security, SIEM, SDLC, SSAE, ELK, Object Oriented Analysis and Design.

PROFESSIONAL EXPERIENCE

FORD MOTORS

Allen Park, Michigan.

Splunk Engineer

October 2019 – Present

Responsibilities:

Designed the Splunk system solution to meet growth while maintaining a balance between performance, stability, scalability, and agility.

Establish and ensure adoption of best practices and development standards.

Experienced in working with the Network Database team on onboarding network device and circuit related data.

Knowledge of the software development life cycle (SDLC) process; followed Agile Scrum and story maps for dev tracking.

Responsible for maintaining a few Splunk apps (NETOPS Tools, NAVAIL) to build dashboards, reports, scheduled searches and alerts.

Worked closely with various teams (infrastructure, Network Operations, Network Management Systems, DNS Operations) to help with their Splunk requirements.

Built dashboards, alerts, reports and saved searches using XML, Advanced XML and Search Processing Language (SPL).

Maintained the Splunk software to automatically send out an alert to notify the appropriate authority through email and activate the necessary support.

Experience with performance management tools such as Cacti, Weather Maps and NFA (Network Flow Analysis), which allow network planners to make significant decisions.

Worked on Oracle DB, played the role of DBA, and maintained the Network database when the team needed assistance.

Experience in Agile methodology and tracking the work using the tool Rally.

Experience in using the various search command types: dataset processing, streaming, generating, transforming and orchestrating commands.

Onboarded data into Splunk via forwarders, scripted inputs, TCP/UDP and modular inputs from sources such as FireEye, BigFix, Cisco devices, syslog, etc.

Assisted in the proper operation and performance of Splunk, plug-ins, loggers, and connectors. Efficient in running security scans with Nessus agents.

Responsible for parsing of data such as hosts, sourcetypes and line breaks.

When required, performed field extractions and field transformations using regex in Splunk.

Worked in data-flow design for data ingestion, transformation, and analytics layers.

Created Tags, Event types, field lookups, using regular expressions, aliases for search-time outputs and visualizations.

Analyzed large datasets to identify metrics, drivers, performance gaps and opportunities for improvement.

Experience using Python for automation and shell scripting experience (bash).

Used techniques to optimize searches for better performance, including search-time vs. index-time field extraction, and an understanding of configuration files, their precedence and how they work.

Worked with Splunk app for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting and analytics.

Worked on Splunk ITSI in data integration and analysis for large volume data that comes from various sources.

Created the service models and key performance indicators (KPIs), establishing meaningful KPI thresholds to detect anomalies and issues that accurately reflect the health and performance of the critical services.

Created custom app configurations (deployment-apps) within Splunk to parse, index multiple types of log format.

Experienced in deploying Splunk Enterprise to an AWS environment to facilitate efficient log management and analysis.

We used Amazon S3 for storing raw data and backups, Amazon EC2 instances for running Splunk search heads and indexers, and Amazon RDS for hosting Splunk's metadata database.

We also used Amazon CloudWatch for monitoring, AWS Lambda for automating tasks, and Amazon VPC for secure networking.

Worked on setting up the security configuration of the environment: we set up security groups and network ACLs to control access to Splunk instances and ensure secure communication. Utilized AWS Identity and Access Management (IAM) roles to grant the necessary permissions to instances.

These AWS services have streamlined data workflows and improved the overall performance of Splunk applications.

Monitored logs from various servers, network devices, storage devices and medical devices, and worked on onboarding new logs from various systems and databases.

Integrated Splunk with data from databases such as Oracle using DB Connect and other input methods.

Work with various teams to ensure that all the security requirements are enabled.

Worked on various tools such as IT Connect, Smart IT and BMC Remedy for ticketing and workflow, different ART request tools, and scan tools.

Involved in developing complex scripts to automate batch jobs; troubleshot and resolved Splunk issues such as performance, search pooling, log monitoring, role mapping and dashboard creation.

Developed a POC on usage of Puppet Configuration Management tool.

Wrote Splunk queries; expertise in searching, monitoring, analyzing and visualizing Splunk logs.

Experience in alert handling, standard availability, and performance report generation.

Hands on experience in customizing Splunk dashboards, visualizations, configurations using customized Splunk queries.

Monitored the Splunk infrastructure for capacity planning, scalability, and optimization.

Experienced in using Splunk DB Connect for real-time data integration between Splunk Enterprise and all other databases.

I have used Python to automate various administrative and routine tasks such as creating and updating Splunk users and roles, configuring indexes and inputs, and managing saved searches and alerts.

Experienced in creating custom monitoring scripts that query Splunk REST APIs to retrieve real-time data on system health, license usage and performance metrics; also used Python scripts for data manipulation and cleanup, preprocessing and transforming data before indexing.

Experienced in monitoring network devices using Cacti and supporting WAN planners in making important decisions.

Environment: Splunk Enterprise Server 8.x/7.x, JSON, SQL, UNIX, RedHat Linux, AWS, Python, IAM, Oracle, HACMP 5.4, HTML, JavaScript, XML, Splunk ES, regex, TCP/IP, UDP, Splunk DB2 Connect, shell script (bash) and Python, BMC Remedy, IT Connect, Smart IT, Active Directory, Rally, Weather Maps, Cacti, Oracle DB.

Broadcom Inc.

Allentown, PA.

Splunk Admin/Developer

October 2018 – September 2019

Responsibilities:

Supported proactive detection and analysis of security incidents using Splunk Enterprise Security.

Created advanced Dashboards, alerts, reports, advanced Splunk searches and visualization in Splunk Enterprise.

Onboarding of new data into Splunk, troubleshooting Splunk and optimizing performance, and Splunk onboarding with Log4j/JSON/XML/TCP/UDP.

Configured and maintained hot, warm, and cold buckets depending on the data retention requirements.

Expertise in installation, configuration, migration, troubleshooting and maintenance of Splunk, WebLogic Server 7.0/8.1/9.x/10.x and Apache Web Server on different UNIX and Linux systems.

Expert in using IFX, erex and regex in configuration files to extract fields.

Experience in Splunk search construction, with the ability to create well-structured search queries that minimize performance impact.

Monitored Database Connection Health by using Splunk DB connect health dashboards.

Monitored Splunk dashboards and alerts, and configured scheduled alerts based on internal customer requirements.

Experience in Git and GitOps, which bring efficiency, collaboration, and version control practices to Splunk configurations and deployments; this is crucial for maintaining a reliable and scalable Splunk environment.

Used a BI suite to communicate with our corporate standard relational databases (RDBMS) through Structured Query Language (SQL).

Worked on Splunk ITSI glass tables, deep dives, and ITSI modules.

Solved many problems on call with my knowledge of the applications, using event logs on the system/server and telemetry logs on the server; later started using Splunk for health monitoring, analysis, and reporting.

Created correlation searches for security incidents through Splunk Enterprise Security.

Worked with GitLab repos to distribute Splunk custom app configurations (such as JMX) to multiple clusters associated with different datacenters.

Sources are configurations that enable Cribl Stream to receive data from remote senders (Splunk, TCP, Syslog, etc.), or to collect data from remote file stores or the local machine.

Implemented monitoring tools like Splunk, Grafana and Dynatrace to ensure the health and performance of applications and created dashboards and alerts.

Worked on setup and configuring non-cluster indexers to Clustered indexers for improved performance.

Worked on cloud migration, Cloud Ops and cost optimization.

Used Amazon Web Services (AWS), focusing mainly on planning, monitoring, deploying, and maintaining cloud infrastructure on multiple EC2 nodes and VMs in Linux/Unix (Red Hat, CentOS) environments as required by the project.

Used BladeLogic to patch and install applications on several different test labs as well as operational Windows Server systems.

Involved in implementing Ansible configuration management and maintaining them in several environments on AWS cloud and VMware.

Created alarms and monitored and collected log files on AWS resources using CloudWatch on EC2 instances, which generate Simple Notification Service (SNS) notifications.

Created input stanzas and prepared server classes to push monitoring stanzas so that Splunk reads the data and makes it visible in the UI.

Performance testing using apps like Wily, AppDynamics, Dynatrace, Splunk and Netcool.

Used the Splunk Enterprise REST API, which uses HTTP requests to configure and manage Splunk instances and to create and run searches.

Experience with the Splunk SDK for Python to search data, run saved searches, and integrate search results into outside applications.

Alert customization: Python has enabled me to create custom alert actions that extend the built-in alerting capabilities of Splunk. This includes triggering external processes, sending notifications via different channels, and performing custom actions based on alert conditions.

I have used Python scripts to generate custom reports and visualizations by querying Splunk data and transforming it into formats suitable for different stakeholders.

Experienced in integration with external systems, such as sending data to and getting data from external databases and ticketing systems.

Drive complex deployments of Splunk dashboards and reports while working side by side with technical teams to solve their integration issues.

Knowledge of Splunk architecture and various components (indexer, forwarder, search head, deployment server), heavy and universal forwarders, and the license model. Experienced in Splunk migrations and upgrades; I've used Python scripts to automate the validation of configurations, assess compatibility of apps and add-ons, and ensure a smooth transition to newer versions.

Created many of the proof-of-concept dashboards for IT operations, and service owners which are used to monitor application and server health.

Created macros using REST APIs for various saved searches in our environment.

Worked on a Splunk Phantom SOAR Proof of Value (POV) project, created a regex-based parser for logs, and configured different connectors.

Used Splunk and ELK for business logic errors and exceptions; good experience with ELK as a log search tool, Logstash, and data visualization tools.

ENVIRONMENT: Splunk, Splunk ES, AppDynamics, Dynatrace, AWS, Splunk DB2 Connect, Python SDK, Linux, shell and Python scripts, Log4j/JSON/XML/TCP/UDP, Cribl, Syslog, ELK, Dynamics, Netcool, VMware, Git, Splunk ITSI.

BMW

Spartanburg, SC.

Splunk Admin/Developer

Jan 2018 – Sep 2018

Responsibilities:

Developed Splunk infrastructure and related solutions as per automation toolsets.

Splunk administration in environments such as Windows Servers and Red Hat Enterprise Linux servers.

Experience in Splunk GUI development creating Splunk apps, searches, Data models, dashboards, and Reports using the Splunk query language.

Created reports, pivots, alerts, advanced Splunk searches, and visualization in Splunk enterprise.

Provided power and admin access for the users and restricted their permission on files. Created and configured management reports, analytical dashboards, and alerts in Splunk for application log monitoring.

Provide regular support guidance to Splunk project teams on complex solution and issue resolution.

Responsible for documenting the current architectural configurations and detailed data flow and troubleshooting guides for application support.

Involved as a Splunk Admin in capturing, analyzing, and monitoring front-end and middleware applications.

Worked with Client engagements and data onboarding and writing alerts, dashboards using the Search Processing Language (SPL).

Analyzed security-based events, risks, and reporting instances.

As part of SIEM, monitored notable events through Splunk Enterprise Security (using v3.0).

Generated shell scripts to install Splunk forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf.

Onboard new log sources with log analysis and parsing to enable SIEM correlation.

Configured props.conf and outputs.conf to pull the XML-based events to the Splunk Cloud indexer.

Various types of charts and alert settings; knowledge of app creation and of user and role access permissions.

Creating the self-monitoring dashboard for customers.

Created and managed apps; created users, roles, and permissions on knowledge objects.

Created Compliance dashboard for HP-NA and Compliance with Network Devices.

Created Compliance Security Baseline and Vulnerability Assessment dashboard for IBM Guardium Security for Database Server and Database Instances.

Created a Vulnerability Assessment dashboard using Rapid7 and Joval that aggregates data across multiple services to identify critical threats and proactively mitigate risks.

Parsing, indexing and searching concepts; hot, warm, cold and frozen bucketing; and Splunk clustering.

Setup and configuration of search head cluster with three search head nodes and managing the search head cluster with deployer.

Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.

Provide regular support guidance to SPLUNK project teams on complex solution and issue resolution with the objective of ensuring best fit and high quality.

Interact with the data warehousing team regarding extracting the data and suggest the standard data format such that Splunk will identify most of the fields.

Onboard new log sources with log analysis and parsing to enable SIEM correlation. Analyzed large datasets to identify metrics, drivers, performance gaps and opportunities for improvement.

Worked on setting up Splunk to capture and analyze data from various layers Load Balancers, Webservers, and application servers.

Write automation scripts for APIs, Unit and functional test cases using Selenium WebDriver.

Write automation scripts for REST APIs using TestNG and Java.

Worked on DB Connect configuration for Oracle, MySQL and MSSQL.

Splunk DB Connect 2.0 in search head cluster environments for Oracle and MySQL.

Good experience in working with SNMP traps and syslog-ng in onboarding security devices onto Splunk monitoring.

Designed and implemented a NoSQL based database and associated RESTful web service that persists high-volume user profile data for vertical teams.

Scripted SQL queries in accordance with Splunk.

Created many of the proof-of-concept dashboards for IT operations, and service owners which are used to monitor application and server health.

Created Dashboards, report, scheduled searches, and alerts.

Created dashboards from searches, scheduled searches, and inline search vs. scheduled searches in a dashboard.

Field extraction using IFX, the rex command and regex in configuration files.

Worked on Splunk, Shell scripting to automate and monitor the environment routine tasks.

Created and configured management reports, analytical dashboards, and alerts in Splunk for application log monitoring. Worked on Splunk Cloud and Splunk on-premises infrastructure with clustering.

Work with Jenkins for Automation, Orchestration, and Incident Response with the Security operation centers cloud monitoring team.

Worked on security solutions (SIEM) that enable organizations to detect, respond to and prevent these threats by providing valuable context and visual insights to help make faster and smarter security decisions.

On-boarded multiple data sources within Splunk, creating custom TAs for data parsing.

Advised clients on the best practices for Splunk deployment.

Developed detailed documentation for the installation and configuration of Splunk and Splunk apps.

ENVIRONMENT: Splunk 7.x/6.x, Linux, UNIX, AWS, Python, Oracle 11g, MS SQL Server 2012, SQL, Joval, Rapid7, Bluecoat, shell, IBM QRadar, REST APIs, SIEM.

Splunk Developer

Cloud Can Technologies, Bangalore, India.

June 2014 – May 2016

Responsibilities:

Prepared, arranged, and tested Splunk search strings and operational strings.

Responsible for documenting the current architectural configurations and detailed data flow and troubleshooting guides for application support.

Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.

Created dashboards from searches, scheduled searches, and inline search vs. scheduled searches in a dashboard.

Optimized Splunk for peak performance by splitting Splunk indexing and search activities across different machines.

Developed, evaluated, and documented specific metrics for management purposes.

Used SPL to create visualizations to get value out of data.

Worked on DB Connect configuration for Oracle, MySQL and MSSQL.

Developed build scripts, UNIX shell scripts and auto-deployment processes.

Good experience in creating Splunk apps, navigations and interfaces, and good experience with Splunk lookups, macros, pivots, data models, lookup files and their publication into Splunk.

Experience in using and understanding complex regular expressions (regex).

Involved in helping the Unix and Splunk administrators deploy Splunk across the UNIX and Windows environments.

Experience in creating access controls for users by creating AD (Active Directory) groups for power users and users.

Configured the SSO Integration add-on app for user authentication and single sign-on in Splunk Web.

Experience in general Python scripting; hands-on experience in secure coding.

Knowledge of Splunk architecture and various components (indexer, forwarder, search head, deployment server), heavy and universal forwarders, and the license model.

Worked to ensure Splunk is actively and accurately running and monitoring the current infrastructure implementation.

ENVIRONMENT: HTML/CSS, XML, Oracle, MySQL, UNIX, WebLogic Application Server, Splunk architecture, indexer, forwarder, TCP/UDP protocols, Python.

Education:

Master of Science in Information Assurance / Information Systems Security, Colorado Technical University, Denver, CO, 2017.

Bachelor of Technology in Computer Science and Engineering from CSJM University, India, 2014.


