
splunk

Location:
Florida City, FL
Salary:
$70/hr
Posted:
April 02, 2020


Resume:

Naga SaiRaviMandava

adclbi@r.postjobfree.com

702-***-****

Professional Summary:

Around 6.5+ years of experience in Information Technology field as Splunk Developer/Admin, Enterprise Security ES.

Strong experience with Splunk 5.x, 6.x and 7.x product, distributed Splunk environment.

Design and integration experience with Security Information and Event Management (SIEM) solutions.

Experienced in Architecting and deploying clustered/distributed Splunk Enterprise 6.x implementations to large, complex customers.

Implemented and finalized Splunk infrastructure in both a lab reference environment, as well as in production.

Designing and maintaining production-quality Splunk dashboards.

Integrating Splunk with a wide variety of legacy data sources and industry leading commercial security tools that use various protocols.

In depth and extensive knowledge of Splunk architecture and various components (indexer, forwarder, search head, deployment server), Heavy and Universal forwarder, License model.

Experience in integrating non-standard logs and sources into Splunk including SQL queries, scripted inputs and custom parsers.

Experience in developing custom app configurations (deployment-apps) within Splunk in order to parse, index multiple types of log format across all application environments.

Expertise in Installation, Configuration, Migration, Trouble-Shooting, and Maintenance of Splunk infrastructure.

Creating accurate reports, Dashboards, Visualizations, Elastic search and Pivot tables for the business users.

Worked on Security solutions (SIEM) that enable organizations to detect, respond to and prevent threats by providing valuable context and visual insights to help you make faster and smarter security decisions.

Responsible for the end-to-end event monitoring infrastructure of business-aligned applications.

Experience with Splunk UI/GUI development activities by managing the Splunk knowledge objects like Field extraction, Tags and Lookups management.

Ability to Debug Splunk related and integration issues.

Implemented workflow actions to drive troubleshooting across multiple event types in Splunk.

Expertise in Creating Splunk app for Enterprise Security to identify and address emerging security threats using continuous monitoring, alerting and analytics.

Installed and monitored Splunk Forwarders on Windows, UNIX and LINUX servers.

Used XML, Advanced XML and Search Processing language (SPL) for creating Dashboards, views, alerts, reports and saved searches.

Maintained and analyzed the security risks on the whole network, servers and systems through several vulnerability tools.

Technical skills

Splunk

Splunk 5.x and 6.x, Splunk Enterprise, Splunk on Splunk, Splunk DB 2 Connect, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Web Framework

Operating Systems

Windows 2000, XP, Win 10, Windows Server, Unix/Linux (Red Hat)

Web Technologies

HTML, DHTML, JavaScript, XML, XSL, XSLT, REST, SOAP

Web/App Servers

Apache Tomcat 6.0, WebLogic 8.1/9.2, WebSphere 6.0

Concepts

SDLC, Object Oriented Analysis and Design, Unified Modeling Language (UML), Assembly and System Level Testing, exposure in Agile.

Programming Language

C, C++, Java, UNIX shell scripts

Work Experience:

Splunk Admin/ Developer Feb 2018 – Present

Hope Found Inc - Kensington, MD

Roles & Responsibilities:

Understand and interpret customer requirements for Splunk implementation for an enterprise solution.

Installation and configuration of Splunk product at different environments.

Configured Splunk Searching and Reporting modules, Knowledge Objects, Administration, Add-Ons, Dashboards, Clustering and Forwarder Management.

Monitoring or analyzing the real-time events for the security devices like Firewall, IDS, Anti-Virus etc., using SIEM tools.

Upgraded Splunk Enterprise from v6.2 to v6.5.1 in clustered and non-clustered environments.

Used Splunk ITSI to create ITSI services and ITSI KPIs to increase our monitoring coverage.

Built custom searches and visualizations in both Splunk Core and Splunk ITSI.

Developed Splunk Dashboards, searches and reporting to support various internal clients in Security, IT Operations and Application Development.

Analyzed security-based events, risks and reporting instances. Correlated events from Network, OS, Anti-Virus, IDS/IPS, Firewall and Proxy sources and analyzed them for possible threats.

Provide deployment strategies with the understanding of affordable risk based on customer acceptance.

Created and configured management reports and dashboards. Planned, implemented, and managed Splunk for log management and analytics.

Monitor security violations, flag potential violations and log security incidents in ServiceNow.

Validate the existing rules and provide recommendation on fine tuning the rules. Creating and sending Risk Advisories to our clients.

Suppress false positive alerts.

Weekly/Monthly incident analysis report.

Analyzing the events and providing solutions for the incidents.

Involved in setting up alerts for a different type of errors, Data Enrichment using the lookups and Data Interpretation using the Fields and Fields Extraction and performing the Data Normalization using the Tags.

Configure files, precedence and daily exposure to props.conf, transforms.conf, inputs.conf, outputs.conf and Setting up a forwarder information based on requirement.

Maintained Splunk Environment with multiple indexers; managed and configured settings.

Improved search performance by configuring to search heads for all Indexes in production.

Analyzed security-based events, risks and reporting instances.

Developed Splunk queries and dashboards targeted at understanding application performance and capacity analysis.

Worked on getting data in and managing Splunk apps.

Assisted internal users of Splunk in designing and maintaining production-quality dashboards.

Splunk DB Connect 2.0 in search head cluster environments of Oracle.

Installation and implementation of several kinds of visualizations to Splunk dashboards.

Continuous monitoring of the alerts received through emails to check if all the application servers and web servers are up.

Worked on Parsing, Indexing, searching concepts Hot, Warm, Cold, Frozen bucketing.

Conducted surveillance on various phishing emails and created alerts from future spam.

Worked as part of Cyber Security Incident Response team to check on malware virus and threat emails.

Developed Splunk Search Processing Language (SPL) queries, created Reports, Alerts and Dashboards and customized them.

Splunk Engineer Dec 2015 – Jan 2018

Next Era - Palm Beach, FL

Roles & Responsibilities:

Designed, implemented, and optimized Splunk applications (to include Enterprise Security), queries, knowledge objects, and data models.

Developed custom scripts to facilitate automation, integration, and operational efficiencies.

Develop new dashboards, searches, and alerts to enhance Enterprise Security use cases.

Collaborated with other engineers and analysts to enhance development of actionable business intelligence, troubleshoot performance issues, and combat threats.

Educated management and peers about Splunk-related issues; maintained compliance with security regulations and guidelines.

Identify errors and misconfigurations, potential upgrades, changes to increase performance, changes in ingestion rates and retention times to improve indexing, and log filtering to maximize Splunk Licensing.

Create new reports, metrics and dashboards.

Onboard new data from various sources and design and build new log & data mining services including

Planning and supporting execution of assembling, and performing data mining and analysis, utilizing various queries and reporting methods.

Requirement gathering and analysis. Interacted with team members and users during the design and development of the applications and Splunk Objects.

Creating, maintaining, supporting, repairing and customizing System & Splunk applications, search queries and dashboards.

Building Splunk queries by Splunk Search Processing Language (SPL) and Regular expressions.

Data collection from various systems/servers, Forwarder Management, creating and managing Splunk apps.

Good experience in working with SNMP traps and Syslog NG in onboarding the security devices on Splunk.

Installed the Splunk Common Information Model add-on, which is packaged with Splunk Enterprise Security, Splunk IT Service Intelligence, and the Splunk App for PCI Compliance.

Install, configure, and troubleshoot Splunk. Experience with regular expressions and using regular expressions for data retrieval. Work with application owners to create or update monitoring for applications.

Good experience in building Splunk Security Analytics. Lead logging enrollments from multi-tier applications into the enterprise logging platforms.

Assist internal users of Splunk in designing and maintaining production-quality dashboards

Ownership of the log & data mining service based on the Splunk product including

This individual will also be expected to work with other departments, representing the team on all technical matters related to log monitoring and analysis

The Splunk engineer should be familiar with a Linux environment, editing and maintaining Splunk configuration files and apps.

Configurations with deployment server, indexers, search heads, serverclass.conf, server.conf, apps.conf, props.conf, transforms.conf, and forwarder management configurations.

Good experience in clustering, deploying apps through the Splunk deployment server and deployer, Splunk version upgrades, and creating roles and authentication.

Created Summary searches and reports; in-depth knowledge of Splunk license usage and safeguarding from violation.

Splunk Developer Aug 2013 – Sept 2015

Duke Energy - Charlotte, NC

Responsibilities:

Created and configured management reports and dashboards. Planned, implemented, and managed Splunk for log management and analytics.

Created advanced dashboards, alerts, reports, advanced Splunk searches and visualization in Splunk enterprise.

Experience with administration, architecture and upgrades for distributed Splunk environments on LINUX / Windows Systems.

Developed SPL (Search processing Language) Queries to create reports, alerts, Knowledge Objects and dashboards.

Managing indexes and cluster indexes, Splunk web frame work, data model and pivot tables.

Integration of Netcool with multiple monitoring tools such as Splunk, Wily and Dynatrace.

Deployed apps to Windows systems and configured them to collect Windows application, security, audit, user activity, printer and SQL Server event logs and inject them into the Splunk Enterprise system.

Extensively used App Dynamics to monitor CPU, memory usage, JVM heap memory health, session and thread counts, and application log error.

Install and maintain Splunk add-ons including DB Connect and Active Directory LDAP to work with directory and SQL databases.

Monitored license usage, indexing metrics, Index Performance, Forwarder performance, death testing.

Used App Dynamics to create a custom visualization based on the geographic conditions. And applied App Dynamics as a checkpoint to monitor the customer related issues.

Created Lookups, Field Aliases, tags, Events, dashboards, alerts as per the requirements provided by the business.

Involved in the admin activities & worked on inputs.conf, indexes.conf, props.conf and transforms.conf to set up timezone & timestamp extractions and complex event transformations.

Application Log, Security Log & Performance monitoring leveraging Splunk.

Created custom app configurations (deployment-apps) within Splunk to parse, index multiple types of log format.

Worked on getting data in and managing Splunk apps. Assisted internal users of Splunk in designing and maintaining production-quality dashboards.

Worked on ingesting data into Splunk with Universal Forwarder.

Experience in Splunk search construction with the ability to create well-structured queries that minimize performance impact.

Created Tableau worksheet which involves Schema Import, Implementing the business logic by customization.

Prepared dashboards using calculated fields, groups, sets and hierarchies in Tableau. Generated Tableau dashboards with combination charts for clear understanding.

Installed and configured Splunk Universal Forwarders on both UNIX (Linux, Solaris, and AIX) and Windows Servers.

Educational Qualification
