Technical Consultant Resume
Reston, Virginia
SUMMARY
- Over 6 years of professional experience in Data visualization, Analytics, Data management, Data Integration, Implementation and Maintenance of Business Intelligence and the related database platforms.
- Design and implement Splunk Architecture for both on premise and AWS cloud (Indexer, Deployment server, Search heads, and Forwarder management), create/migrate existing Dashboards, Reports, Alerts, on daily/weekly schedule to provide the best productivity and service to the business units and other stakeholders.
- Customizing Splunk for Monitoring, Application Management and Security as per customer requirements.
- Configuring Splunk ITSI features - Service Analyzer, Notable Events review, Glass Tables, Deep Dives, Multi-KPI alerts etc.
- Good experience in working with SNMP traps and Syslog NG in onboarding the security devices on Splunk.
- Experienced in preparing, arranging and testing Splunk search strings and operational strings.
- Proficiency with the usage of various search commands like stats, chart, timechart, transaction, strptime, strftime, eval, where, table and experience with the usage of Extract key word, sed and used Macros to reuse the searches etc.
- Hands on experience in using the commands like rex, regex, sed and IFX to extract the fields from the log files.
- Extensive knowledge in creating accurate reports using XML, Dashboards, visualization and pivot tables for the business users.
- Expertise in optimizing traffic across network using Combiners, joining multiple schema datasets using Join and organizing data using Practitioners and Buckets.
- Knowledge of configuration files like props.conf, transforms.conf, outputs.conf, limits.conf etc.
- Maintained and managed assigned systems, Splunk related issues and administrators.
- Good knowledge on Objects such as Event Types, Tags, Field Extraction (Using Regular Expression), Lookups etc.
- Provided technical services to projects, user requests and data queries as well as supported change management processes.
- Expertise in Monitoring all Critical Applications to save approximately 50% of Business Hours and helping the application teams to find the root cause with help of the tools (ExtraHop, Catchpoint, Splunk, Dynatrace and Moogsoft).
- Analyzed and monitored incident management and incident resolution problems.
- Strong experience in Splunk dashboard creation, app development, validation etc. Also aware of various quality concepts like SCM.
- Indexing the data with the help of Scripted Input.
- Experience in automation using UNIX Shell Scripting and Python scripting.
- Knowledge of AWS, creating EC2 instances and S3 buckets on AWS to store CloudFormation templates.
- Upgraded Multisite Splunk Enterprise from 6.5.4 to 7.0.5, 6.6.2 to 7.1.2 and 7.1.5 to 7.2.4.
- Installation and configuration of Hadoop Data Roll for archiving and searching data in S3 buckets.
- Research, analyze, and resolve customer issues and questions
- Onboarding URL applications into Catchpoint to monitor availability and performance of the URLs.
- Good understanding of Network Firewalls, Load-balancers, LDAP and complex network design.
TECHNICAL SKILLS
Tools: Splunk 6.x, 7.x, Splunk ITSI, SiteScope, Catchpoint, Dynatrace, ExtraHop, Moogsoft, xMatters
Operating Systems: Windows, Solaris, Redhat, Ubuntu and Unix/Linux
Web Technologies: HTML, CSS, XML, JavaScript
Scripting: Unix Shell Scripting, Python Scripting
ETL Tools: Data Transformation Services, SQL Server Integration Services (SSIS), SQL Server Reporting Services (SSRS), MySQL
PROFESSIONAL EXPERIENCE
Confidential, Reston Virginia
Technical Consultant
Responsibilities:
- Handling daily operations and supporting application infrastructure for Moogsoft, Catchpoint, xMatters and Splunk.
- Work closely with application teams to identify and triage production issues with help of the tools (Splunk, Moogsoft, Catchpoint and Dynatrace).
- Upgraded Splunk Enterprise from 7.1.2 to 7.2.4 and Splunk ITSI from 3.1.2 to 4.2.6.
- Worked with Application engagements for data onboarding, creating alerts, dashboards using the Splunk query language.
- Integrating with Splunk and creating custom dashboards for Moogsoft, ExtraHop, SolarWinds and Dynatrace.
- Install and maintain the Splunk add-ons, including DB Connect and Active Directory LDAP, for working with directory and SQL databases.
- Configured SAML and LDAP for user authentication and Single Sign-on in Splunk Web.
- Troubleshooting and resolving Splunk issues: performance, search pooling, log ingestion, role mapping, dashboard creation etc.
- Helping users to navigate and use tools (ExtraHop, Catchpoint, Splunk, Dynatrace and Moogsoft) to identify the problem tickets and resolving them.
- Worked on setting up monitors and alerts in Catchpoint using Selenium WebDriver.
- Onboarding application production support teams to Moogsoft, addressing user issues and helping them to resolve situations.
- Participating in daily production incident calls and helping teams to identify issues with available monitoring tools.
- Assisting application teams to setup required monitors based on the business criticality.
- Created advanced dashboards in Splunk to monitor end-to-end transactions for business applications, with drill-downs to other tools.
- Configured Hybrid Search head for On-prem and AWS.
- AWS configuration, launching and configuring Splunk instances in multiple virtual machines.
- Used Splunk Enterprise REST API that uses HTTP requests to configure and manage Splunk instance, create and run searches.
- Working with application team to identify critical KPIs and entities to create services in ITSI.
- Onboarded CloudWatch logs to Splunk using Kinesis Firehose and created advanced props and transforms configuration to route and filter data into different indexes in Splunk based on the application.
Confidential, Detroit Michigan
Splunk Engineer
Responsibilities:
- Upgraded Splunk Enterprise from 6.5.2 to 7.0.5.
- Worked with Client engagements for data onboarding, creating alerts, dashboards using the Splunk query language.
- Coordinating with application and system owners to onboard applications in Splunk and ensure logging capabilities are functional. Developed, evaluated and documented specific metrics for management purpose.
- Installation and Maintenance of Splunk Universal Forwarders, Solving Forwarder Issues, Deployment Server Classes and Apps through Deployment Server.
- Created virtual indexes to search archive data using Hadoop.
- Filtering and routing data to indexes using props.conf and transforms.conf.
- Creating field extractions for index time and search time field extractions.
- Installation and configuration of Splunk apps for data onboarding into Splunk.
- Optimizing dashboards using post processing method and summary indexing.
- Worked on DB Connect configuration for Oracle, MySQL and MSSQL.
- Monitored database connection health by using Splunk DB Connect health dashboards.
- Experience in creating HTTP Event Collector (HEC) tokens and sharing them with the respective teams to send logs through a secure channel to Splunk.
- Managing and troubleshooting issues in the Splunk infrastructure on a daily basis.
- Splunk Enterprise 6.5.2, 7.0.5
Confidential, Columbus OH
Splunk Admin
Responsibilities:
- Upgraded Splunk Enterprise from 6.6.2 to 7.1.2.
- Installation and configuration of Splunk universal and heavy forwarders in different operating systems.
- Worked on Knowledge Objects such as Event Types, Tags, Field Extraction (Using Regular Expression) and Lookups etc.
- Define and Modify alerts for application team for efficient handling of production issues.
- Upgrade and configuration of the DB Connect app to 3.2.
- Create and schedule search jobs based on the requests by internal application teams.
- Normalization of data to create data models.
- Index Time Extraction and Search Time Extraction of Fields, Parsing the Data in Forwarders.
- Routing data to different indexes using props.conf and transforms.conf.
- Onboarding data from different applications using Universal Forwarder, network ports (TCP/UDP) and REST endpoints.
- Creating and optimizing dashboards using post processing search method.
- Extracting fields using regular expressions.
- Installation and configuration of Hadoop data roll for archiving Splunk data in AWS S3 buckets.
- Monitoring splunkd process using SiteScope.
- Masking PII data using sed command.
Confidential, AZ
Splunk Admin/Developer
Responsibilities:
- Created automation for pulling data from SharePoint and adding those exceptions to the summary searches as part of Splunk automation.
- Installation and configuration of Splunk universal and heavy forwarders in different operating systems.
- Worked on Knowledge Objects such as Event Types, Tags, Field Extraction (Using Regular Expression) and Lookups etc.
- Define and Modify alerts for application team for efficient handling of production issues.
- Collaborated with teams like Java and .NET to integrate Splunk using SDKs to make sure that they can easily direct the dashboards using a single button.
- Installed Splunk SDK for C# and worked with Saved searches, Reports, Jobs, Configurations, Inputs and applications using SDK library code.
- Installed Splunk SDK for C# in Visual Studio using NuGet packages or manually by inserting the ZIP into Project.
- Create and schedule search jobs based on the requests by internal application teams.
- Creating Dashboards with the help of Pivot in 6.2 (Creating Data Models, Data Object).
- Index Time Extraction and Search Time Extraction of Fields, Parsing the Data in Forwarders.
- Integrated ServiceNow with Splunk to generate automatically triggered alerts.
- Worked closely with Opsview or Nagios teams to monitor networks and to create alerts in Opsview.
- LDAP Configuration in Splunk as well as segregation of Users on the basis of their Roles.
- Worked closely with the teams to design and develop ArcSight architecture components and related upgrades.
- Integrated Splunk Enterprise with ArcSight.
- Installed and configured CEF (Common Event Format) Splunk app to get data from ArcSight connectors.
- Developed Splunk Infrastructure on Cloud (Amazon AWS) in coordination with infrastructure Support Teams.
- Installing and Configuring Indexer, Search Head, License Server as well as Deployment Server on Cloud (Amazon AWS).
- Search Head Clustering, Deploying Configuration Bundles through Deployer, etc.
- Extended the lookup functionality using KV Store Collection.
- Forwarder Management like installing forwarders on different machines.
- Created dashboards like JVM, web Traffic and for different portals.
- Collaborated with internal teams to integrate data feeds to a centralized Splunk platform.
- Installed different apps from cluster master and pushed out to search heads for troubleshooting Splunk and for different purposes.
- Designed and maintained production-quality dashboards.
- Created a test Splunk clustered environment on AWS EC2 instances and S3 storage.
- Worked on creating macros for reusing searches and for shortening long searches.
- Creation of Alerts and Dashboards Using AppDynamics.
- Trained Splunk security team members for complex search strings and ES modules.
- Managed and maintained use cases into correlation systems.
- Resolved configuration-based issues in coordination with infrastructure support teams.
Confidential, Charlotte NC
Splunk Engineer
Responsibilities:
- Prepared, arranged and tested Splunk search strings and operational strings.
- Created and configured management reports and dashboards.
- Developed, evaluated and documented specific metrics for management purpose.
- Trained Splunk security team members for complex search strings and ES modules.
- Developed Splunk infrastructure and related solutions as per automation toolsets.
- Worked and integrated Splunk app for CEF to get the data from ArcSight connectors.
- Worked closely with Nagios and ArcSight teams to get data into Splunk and create alerts.
- Installed, tested and deployed monitoring solutions with Splunk services.
- Creating Dashboards according to the business needs using Advanced XML
- Creating Applications on Splunk to analyze the Big Data
- Creating and Binding fields with the Splunk MetaData with the help of Regular Expression
- Taking care of the Retention Policy of the Indexers.
- Indexing the data with the help of Scripted Input.
- Index Time Extraction and Search Time Extraction of Fields, Parsing the Data in Forwarders
- Managing "Distributed Management Console" to assign proper roles to all boxes
- Search Head Clustering, Deploying Configuration Bundles through Deployer, etc.
- Forwarding the data from a different application to the indexers using UF/HF
- Played a major role in understanding the logs, server data & brought an insight of the data for the users.
- Extensive experience in setting up Splunk to monitor the customer volume and track the customer activity.
- Was involved as a Splunk Admin in capturing, analyzing and monitoring front-end and middleware applications.
- Worked on setting up Splunk to capture and analyze data from various layers: load balancers, web servers and application servers.
- I have helped teams to onboard data, create various knowledge objects, and install and maintain the Splunk apps and TAs.
- Knowledge of various types of charts, alert settings, app creation, user and role access permissions, creating and managing apps, and creating user role permissions to knowledge objects.
- Provide regular support guidance to Splunk project teams on complex solution and issue resolution.