Splunk Admin

Location:
Austin, TX
Posted:
January 28, 2020

Resume:

Venkata Sai

SPLUNK ADMIN

*********.***@*****.***

Phone no: +1-331-***-****

PROFESSIONAL SUMMARY

●Splunk Admin /Developer with 5+ years of experience in Information Technology field as Splunk Admin /Developer

●Strong experience with Splunk 5.x and 6.x/7.x product, distributed Splunk environment.

●Expertise in Installation and Implementation, Configuration, Migration, Trouble-Shooting and Maintenance of Splunk infrastructure.

●Expert in using several search commands like streamstats, eventstats, maxsearch, stats, chart, timechart, transaction, strptime, strftime, eval, where, xyseries, table, etc.

●Creating accurate reports, Dashboards, Visualizations, Elastic search and Pivot tables for the business users.

●Experience setting up and maintenance of On-premise Dynatrace, EUM Monitoring.

●Handle issues with Dynatrace Console, Agents Configurations.

●Experience in using the Splunk platform on Linux and Windows.

●Experienced in SHELL scripting, BASH scripting, PYTHON and Splunk apps like dbconnect

●Performed Splunk queries by Splunk Search Processing Language (SPL) and Regular expressions.

●Expert in writing complex Search queries Including Complex Regex Queries.

●Hands on development experience in customizing Splunk dashboards, visualizations, configurations, reports and search capabilities using customized Splunk queries

●Wrote complex IFX, rex and multikv commands to extract fields from the log files.

●Experience in creating custom views, reporting and automated alerting for both operational and security use using Splunk.

●Ability to Debug Splunk related and integration issues.

●Implemented workflow actions to drive troubleshooting across multiple event types in Splunk Dynatrace.

●Extensive knowledge in writing Packages, Stored Procedures, Functions and Database.

●Used Splunk Hunk for Splunk analytics with Hadoop.

●Built KPIs and other Splunk Objects on Hardware Utilization of various technologies like Informatica, Goldengate, and SAS Fraud Framework, Teradata, Hadoop, Microstrategy and A&C servers.

●Installed, configured and managed Decameter users on the Hadoop cluster.

●Recommended architectural designs and suggestions in Hadoop enabled environments and improved the stability, security and integrity of product.

TECHNICAL SKILLS

Splunk

Splunk 5.x, 6.x and 7.x, Splunk Enterprise, Splunk on Splunk, Splunk DB Connect, Splunk IT Service Intelligence, Splunk Web Framework, Splunk Machine Learning Tool kit, Splunk Hunk.

Operating Systems

Windows 2000, XP, Windows NT, Unix/Linux (Red Hat), VMware.

Data Analysis

Requirement Analysis, Business Analysis, detail design, data flow diagrams, data definition table, Business Rules, data modelling, Data Warehousing, system integration

RDBMS

Oracle 11g/10g/9i/8i, MS-SQL Server 2000/2005/2008, Sybase, DB2, MS Access.

Web Technologies

HTML, DHTML, JavaScript, XML.

DevOps Tools

Ansible, Terraform

Web/App Servers

Apache Tomcat 6.0, WebLogic 8.1/9.2, WebSphere 6.0

Concepts

Oriented Analysis and Design.

Cloud

AWS

PROFESSIONAL EXPERIENCE

VRBO TX

Splunk Administrator (Jul 2019 - Present)

Support users in building the dashboards and all other Splunk related questions.

Actively improving Splunk performance in the organization by removing or disabling saved searches that are no longer used by the users.

Maintained Splunk uptime at 99.9% during my period in the organization.

Actively using Ansible for daily duties and maintenance of the instances in Splunk.

Responsible for managing two prod indexer clusters with a total of 130 indexers.

Expertise in Installation and Implementation, Configuration, Migration, Trouble-Shooting and Maintenance of Splunk infrastructure.

Maintain all the infrastructure of Splunk in all environments including On-Prem and Cloud.

Analyzing performance issues in large-scale Kafka environments and providing resolutions and workarounds to the users.

Data ingestion to Splunk with Kafka Connect instead of forwarders for Kafka-related logs.

Ability to debug Splunk related and integration issues.

Create data retention policies and perform index administration, maintenance and optimization.

Managing logs with an average daily intake of 35TB/day.

Recently migrated our Splunk license from the present organization's license, which is in a data centre, to our parent company's Splunk license in the AWS US-West-2 region, with no impact to the users and zero license warnings.

Automated the new instance allocation in AWS by Terraform.

Currently working on automating log on-boarding directly by the users with minimal work from the administrator.

Environment: Splunk 7.1, 7.2, Unix, Linux, Windows, Splunk Hunk, Datadog, Ansible, Terraform, AWS, Python and Bash Scripting.

LINCOLN FINANCIAL NC

Splunk Developer (Mar 2017 – Jun 2019)

Responsibilities:

Create presentation layers for Technical, Business and Executive Management showing environment operational health based on Key Performance Indicators

Manage existing application and create new applications (visual and non-visual)

Setup non-auto ticketing monitoring test alerts to the monitoring team for all Business Units platforms in ITSI to enable investigation of alerts for accuracy and research purposes

Designed and implemented various SIEM solution packages in ArcSight ESM built in Oracle Virtual Box working environments

Ability to build business & operational intelligence dashboards and glass tables using Splunk & Splunk ITSI.

Create data retention policies and perform index administration, maintenance and optimization

Experience with Splunk on Splunk developing dashboards, forms, SPL searches, reports and views, administration, upgrading, alert scheduling, KPIs, Visualization Add-Ons and Splunk infrastructure.

Experience in creating and maintaining Splunk reports, dashboards, forms, visualizations, alerts for Enterprise Security to identify and address emerging security threats.

Extensive knowledge in creating Actuate reports using XML, Dashboards, visualization and pivot tables for the business users.

Extensive experience in Data Warehouse, Data mart, Data Integration and Data Conversion projects ETL using Informatica Power Center 9.5/8.x/7.x/6.2/5.0 tools (Source Analyzer, Mapping Designer, Mapplet Designer, Transformation Designer, Repository Manager, and Server Manager) as ETL tool on Oracle /DB2 Database.

In-depth knowledge of search head clustering and index clustering.

Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.

Exposed the metadata to the end users using the Splunk Analytics for Hadoop.

Developing the command centre dashboard on big data Hadoop.

Experience in Big Data and familiar with components of Hadoop Ecosystem.

Install and configure Splunk Hadoop Connect and the Splunk add-on for the Dynatrace app.

Built Latency and Time lag analytics in Hadoop and Informatica.

Environment: Splunk 6.3, Splunk 6.2, Unix, Linux, SQL server, XML, Web Services, Splunk DB connect 2.2, Unix, Oracle 11g, Service Now, MS SQL Server 2012, SQL server, Python Scripting.

SANTANDER BANK MA

Splunk Admin (Feb 2016 – Feb 2017)

Responsibilities:

Provide security consulting to project and development teams in the area of information security

Involved in logical modeling and physical modeling of application.

Wrote various kinds of SQL queries involving correlated Sub queries, UNION, Inner and Outer Joins.

Well versed in various vulnerabilities and attacks at the application level - OWASP Top 10, SQL Injection, XSS, CSS, LDAP injection, XPath injection etc.

Assist the development teams in closing the vulnerabilities identified.

Configured Indexer replication to achieve data availability, data fidelity and disaster tolerance.

Improved search performance by configuring 2 search heads for all Indexes in production.

Created and configured management reports and dashboards in Splunk for application log monitoring.

Efficiently handled Work Load Management for load balancing and failover, improving performance, reliability and scalability.

Gathering different wellsprings of syslog and XML information from different gadgets, applications, and information bases.

Work towards accomplishing a speedier ROI and keeping up partners persuaded of the worth and undiscovered open doors in Splunk.

Supporter and execute arrangements considering a full information lifecycle (Search & Investigate, Add Knowledge, Monitor & Alert, Report & Analyze).

Provide regular scheduled metrics and reporting to all stakeholders

PKI internal and external CA’s and Verify management would be a plus

Support testing of new integrations for infrastructure and production performance

Develop dashboards with visual metrics for stakeholders

Standardize and implement Splunk Universal Forwarder deployment, configuration and maintenance in Linux and Windows platforms

Environment: Splunk, Deployment server, Splunk 6.x Dashboard Examples, Data Models, Server management, Dashboards, UNIX, AIX, RED HAT LINUX, Hadoop, XML, HTML

COMCAST PA

Splunk Admin (Dec 2014 – Jan 2016)

Responsibilities:

Develop alerts and timed reports

Develop and manage Splunk applications

Provide leadership and key stakeholders with the information and venues to make effective, timely decisions

Establish and ensure adoption of best practices and development standards

Manage and configure index settings and created event type definitions. Analyzed security based events, risks and reporting instances.

Developing custom web application solutions for internal ticket metrics reporting.

Working on data model relationships in underlying raw data and making it more meaningful and useful to quickly generate charts, visuals and dashboards using pivot.

Analyzing massive amounts of real-time data in Hadoop using Splunk Enterprise operational intelligence.

Knowledge about Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.

Expertise in Actuate Reporting, development, deployment, management and performance tuning of Actuate reports.

Various types of charts, alert settings. Knowledge of app creation, user and role access permissions. Creating and managing apps, creating users and roles, permissions to knowledge objects.

Designed core scripts to automate Splunk maintenance and alerting tasks.

Integrated ServiceNow with Splunk to generate the incidents from Splunk.

Created many of the proof-of-concept dashboards for IT operations, and service owners which are used to monitor application and server health.

Lowering the cost and risk of big data initiatives with a full-featured platform to rapidly explore, analyze and visualize data in Hadoop.

Interact with the data warehousing team regarding extracting the data and suggest the standard data format such that Splunk will identify most of the fields.

Experienced in using various connectors to extract the data from different data sources

Experience in working with Chef configuration management tool to automate and manage servers.

Environment: Splunk, QRadar, Red Hat Linux, XML, Oracle DB

Educational Qualification

Master’s, University of Central Missouri, Cyber security and Information assurance.

Bachelor’s, Vignan Institute of Technology and Science, Computer Science and Engineering.

CERTIFICATIONS

Certified Ethical Hacker (CEH) v10.

Trained on ITSI

Splunk Certified Power User

Splunk Certified Admin

Trained on Enterprise Security

Splunk advanced dashboards and visualizations

References: Provided upon request


