Srinivas - Splunk Master
[email protected]
Location: Irving, Texas, USA
Relocation: Remote
Visa: H1B
Srinivasa
Senior Splunk Engineer
[email protected]
+1 972-945-5806

Certifications:

Splunk Certified Admin
Splunk Certified Architect
Splunk Enterprise Security Certified Admin


Professional Summary:
10+ years of IT experience and 7+ years of experience with Splunk: Splunk Enterprise, Splunk DB Connect, Splunk Enterprise Security, and configuring, implementing and supporting Splunk server infrastructure across Windows, UNIX and Linux.
5+ years of experience as a Splunk Subject Matter Expert, specializing in architecting and deploying Splunk solutions for diverse enterprise environments.
Good experience migrating Splunk environments from Windows to Linux and from on-prem to cloud.
Very good experience with capacity planning, resource allocation and maintaining a stable Splunk environment.
Worked on architectural design: designed and implemented Splunk architectures to meet the organization's needs, ensuring scalability, performance and security.
Extensive knowledge of Splunk architecture and its various components. Passionate about machine data and operational intelligence.
Experience with Splunk 5.x, 6.x, 7.3, 8.x and 9.x, distributed Splunk architecture and components including search heads, indexers and forwarders.
Expertise in Splunk enterprise architecture such as Search Heads, Indexers, Deployment servers, Deployer, License Master, and Heavy/Universal Forwarders.
Experience analyzing network, event and security logs on-premise and in the cloud.
Delivered training sessions and workshops to educate internal teams on best practices for Azure and Splunk monitoring.
Headed proofs-of-concept on Splunk implementation, indexing and plugins; mentored and guided other team members on understanding Splunk use cases.
Installed and implemented the Splunk App for Enterprise Security, documented best practices for the installation and performed knowledge transfer on the process.
Expert in installing and using Splunk apps for Unix and Linux (Splunk nix).
Used timechart attributes such as span and bins, tags and event types. Created and configured management reports and dashboards.
Experience with Splunk Searching and Reporting modules - (Splunk ITSI and Enterprise Security App) Knowledge Objects, Administration.
Experience with Splunk Enterprise deployments and enabling continuous integration as part of configuration management (props.conf, transforms.conf, inputs.conf, outputs.conf, deployment.conf).
Experience creating and managing Splunk DB Connect identities, database connections, database inputs, outputs, lookups and access controls.
Developed custom Splunk ES apps to integrate network security tools, leading to improved visibility and threat detection.
Good experience with use case management: writing correlation rules and setting them up to generate notables.
Correlating events from a Network, OS, Anti-Virus, IDS/ IPS, Firewalls or Proxies and analyzing them for possible threats.
Good experience in vulnerability scanning: initial setup, testing and configuration of the DbProtect/AppDetective database vulnerability scanner; vulnerability scanning and assessments with tools including Tenable SecurityCenter, Nessus, Tripwire, Qualys, Trustwave DbProtect and HP WebInspect.
Provided technical expertise in security risk management, security architectures and implementations, and effective security risk assessment practices.
Performed routine security functions for risk detection, prevention and response. Monitored security systems and events to detect, investigate and mitigate threats.
Conducted threat analysis using Splunk ES to identify and mitigate potential security threats, resulting in a 25% reduction in the number of security incidents.
In-depth and extensive knowledge of setting up alerts and monitoring recipes from machine-generated data.

Technical Skills:
Splunk: Splunk 5.x, 6.x, 7.x, 7.1, 7.3, 8.x, 9.x, Splunk Enterprise, Splunk on Splunk, Splunk DB 2 Connect, Splunk Cloud, Hunk, Splunk IT Service Intelligence, Splunk Enterprise Security, XSOAR
Operating Systems: Windows 2012, XP, Windows 10, Windows Server, Unix/Linux (Red Hat), FreeBSD
Data Analysis: Requirement Analysis, Business Analysis, detailed design, data flow diagrams, data definition tables, Business Rules, data modelling, Data Warehousing, system integration
RDBMS: Oracle 11g/10g/9i/8i, MS SQL Server 2000/2005/2008, Sybase, DB2, MS Access, MySQL
Concepts: SDLC, Object Oriented Analysis and Design, Unified Modeling Language (UML), Elastic, Assembly and System Level Testing, exposure in Agile.

Professional Experience:

Client: Medpro - Fort Wayne, IN Jun 2023 to Present
Sr. Splunk SME Engineer

Involved in installing and configuring Splunk Enterprise 7.x and 9.x on Red Hat Linux and Windows servers.
Created Dashboards and Reports to show the Login count of each application, which app resources are being accessed more, the number of failed logins, and statistics on hitting applications.
Involved in setting up Splunk Forwarders for new application tiers introduced into the environment and existing applications.
Proficient in configuring, deploying, and managing Splunk Enterprise Security components, including correlation searches, threat intelligence feeds, and user and entity behavior analytics (UEBA).
Work closely with Application Teams to create new Splunk dashboards for Operation teams.
Troubleshot and resolved Splunk performance and log monitoring issues, role mapping, dashboard creation, etc.
Designed and implemented Splunk Enterprise Security solutions for clients across various industries, including finance, healthcare, and government.
Configured and optimized correlation searches and threat intelligence feeds to enhance detection capabilities and reduce false positives.
Developed custom dashboards and reports to provide visibility into security posture and support compliance requirements.
Conducted security assessments and audits to identify vulnerabilities and recommend remediation strategies.
Collaborated with cross-functional teams to integrate Splunk Enterprise Security with existing security tools and workflows.
Involved in parsing, indexing and searching concepts, and hot, warm, cold and frozen bucketing.
Experience working with Linux and Windows specialists in the Splunk organization, with a strong comprehension of the Splunk framework.
Hands-on experience in installation, configuration, migration, troubleshooting and maintenance of Splunk and WebLogic servers on different Unix flavors such as Linux and Solaris.
Experience in creating Regular Expressions for Field Extractions and Field Transformations in Splunk.
Configured Splunk for all mission-critical applications and used Splunk effectively for application troubleshooting and monitoring post-go-live.
Supported 8+ Splunk search heads, 40+ indexers and 2,500+ forwarders.
Fetched data from databases using the DB Connect application.
Extensively involved in troubleshooting issues and documenting problem resolutions for future reference.
Hands-on experience in setting up Search Head Clustering and Indexer Clustering.
Hands-on experience in App Dynamics, used for performance monitoring and slowness of the calls.
Configured Splunk security certificates on newly installed search heads.
Used techniques to optimize searches for better performance and search-time field extractions; understanding of configuration files, their precedence and how they work.

Client: Suntrust, Atlanta, GA (INFOSYS) Apr 2019 to May 2023
Sr. Splunk SME Engineer

Developed Splunk infrastructure and related solutions as per business requirements and automation toolsets.
Designed Splunk Cloud Architecture to Integrate with Linux Infrastructure
Installed, configured, maintained, tuned and supported Splunk Enterprise server 7.x/8.x/9.x.
Created and implemented a new Splunk DR environment set up on AWS Cloud.
Conducted comprehensive assessments of clients' existing Elasticsearch setups, identifying areas for improvement and implementing enhancements.
Provided training and support to internal teams on best practices for alert creation, dashboard development, and pipeline optimization.
Monitored, analyzed, enriched and parsed logs from a variety of technologies across multiple platforms such as IDS/IPS (Sourcefire, Dell SecureWorks).
Extensive knowledge of Splunk Enterprise, Splunk Cloud, and Splunk Enterprise Security, including search optimization, data onboarding, and dashboard development.
Proven track record of leading successful Splunk implementations, from initial design and configuration to ongoing maintenance and optimization.
Strong understanding of IT infrastructure and security concepts, with the ability to translate business requirements into technical solutions.
Excellent communication and interpersonal skills, with a demonstrated ability to collaborate with cross-functional teams and stakeholders.
Worked on migrating the Splunk environment from on-prem to Windows; designed and implemented a smooth transition of Splunk from on-prem to cloud.
Experience in Splunk GUI development creating Splunk apps, searches, Data models, dashboards, and Reports using the Splunk query language.
Designed and implemented end-to-end monitoring solutions for Azure cloud environments, including Azure Monitor, Log Analytics, Application Insights, and Azure Security Center.
Provided expertise in integrating Azure services with Splunk, enabling comprehensive monitoring and correlation of logs across hybrid cloud environments.
Designed and implemented complex data ingestion pipelines using Cribl LogStream to streamline the collection, transformation, and routing of machine data into Splunk.
Developed custom processing rules and transformations in Cribl LogStream to enrich data, improve indexing efficiency, and reduce ingestion costs.
Optimized Splunk configurations and search queries to maximize performance and scalability, ensuring rapid data analysis and actionable insights.
Collaborated with stakeholders to understand business requirements and translate them into technical solutions leveraging Splunk and Cribl LogStream.
Provided technical guidance and support to cross-functional teams on best practices for Splunk and Cribl LogStream usage, configuration, and troubleshooting.
Collaborated with clients to understand their unique business challenges and delivered tailored Elastic solutions to address their specific needs
Provide regular support guidance to Splunk project teams on complex solutions and issue resolution.
Responsible for documenting the current architectural configurations and detailed data flow and troubleshooting guides for application support.
Constantly monitored Splunk health checks like CPU and Memory Usage on the DMC Console.
Involved as a Splunk Admin in capturing, analyzing and monitoring front-end and middleware applications.
Worked with Client engagements and data onboarding and writing alerts, and dashboards using the Search Processing Language (SPL).
Spearheaded the implementation of Elastic Stack for log management and analysis, resulting in a 30% improvement in system monitoring capabilities.
Collaborated with cross-functional teams to understand data requirements and designed customized dashboards tailored to specific business needs.
Configured LogRhythm alarms and rules to detect anomalous activities and potential security breaches.
Conducted regular LogRhythm training sessions for junior analysts to enhance team proficiency.
Generated shell scripts to install Splunk forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf.
Onboarded new log sources with log analysis and parsing to enable SIEM correlation.
Configured inputs.conf and outputs.conf to pull XML-based events to the Splunk Cloud indexer.
Knowledge of various chart types, alert settings, app creation, and user and role access permissions.
Created and managed apps; created users, roles and permissions for knowledge objects.
Monitoring Domain Controller server to push Active Directory logs to Splunk.
Splunk expert-level understanding with Splunk Enterprise in CIM, Data models, Event management and Tags
Articulated and conveyed advanced technical concepts in face-to-face presentations related to designing/developing processes that can be understood and followed by Splunk developers and administrators.
Automated data processing tasks, optimizing resource utilization and enhancing overall system performance.
Expert in producing high-quality technical documentation for a team of experts for project implementation.
Parsing, indexing and searching concepts; hot, warm, cold and frozen bucketing; and Splunk clustering.
Setup and configuration of search head cluster with three search head nodes and managing the search head cluster with deployer.
Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
Provide regular support guidance to Splunk project teams on complex solutions and issue resolution to ensure best fit and high quality.
Interact with the data warehousing team regarding extracting the data and suggest the standard data format such that Splunk will identify most of the fields.
Analyzed large datasets to identify metrics, drivers, performance gaps and opportunities for improvement
Designed and implemented a NoSQL-based database and associated RESTful web service that persists high-volume user profile data for vertical teams.
Scripted SQL Queries following the Splunk.
Created many of the proof-of-concept dashboards for IT operations, and service owners which are used to monitor application and server health.
Created Dashboards, reports, scheduled searches and alerts.
User and security account management using LDAP and Kerberos protocol configurations, and file management using RWX permissions or ACLs.
Created a dashboard for monitoring multiple tools like Service Now, DLP, network traffic, user behavior, infrastructure monitoring, and data logging.
Created complex dashboards to monitor the whole infrastructure using data from various tools, displaying any red flags, how many notables were fired during each hour, and the status of each correlation search.
Monitoring and Maintaining system configuration and log files and system errors with password recovery and performance tuning, performing fault isolation and root-cause analysis of recurring issues.
Responsible for data management using Red Hat utilities for archiving, compression, backup and restoration.
Created dashboards from searches and scheduled searches, using inline search vs. scheduled search in a dashboard.
Field extraction using IFX, the rex command and regex in configuration files.
Providing Information Security Operations Center (ISOC) support, analyzing a variety of network and host-based security logs (Firewalls, NIDS, HIDS, Syslog, etc.)
Splunk administering in environments like Windows servers, Red Hat Linux Enterprise Server
Implemented and managed Splunk Enterprise to ingest, index, and correlate log data from diverse sources for comprehensive threat detection and response.


Client: Windstream - Dallas, TX Aug 2017 to Apr 2019
Splunk Engineer

Designed Splunk Enterprise 6.5, 7.0 and 7.1 infrastructure to provide high availability by configuring clusters across two different data centers.
Created documentation on build, deployment and sustainment processes and procedures for application use in a cloud-capable datacenter.
Installed, configured, maintained, tuned and supported Splunk Enterprise server 7.x/6.x/5.x.
Architected and implemented Splunk solutions in highly available, redundant, distributed computing environments.
Performed Field Extracts and Transformations using the RegEx in Splunk.
Designed the large-scale job scheduling mechanism for mortgage underwriting operation teams
Analysed the 22 reports to determine the conversion of the reports either using FID tables and views or using Free Form SQL.
Conducted regular reviews of LogRhythm and Splunk configurations, fine-tuning settings and policies to optimize performance and ensure compliance with industry standards.
Operated, developed for and maintained the Splunk log management infrastructure, leveraging knowledge of a number of security technologies, information security and networking.
Worked on installing Universal Forwarders and Heavy Forwarders to bring any kind of data fields into Splunk.
Installed and configured Splunk Universal Forwarders on both UNIX (Linux, Solaris, and AIX) and Windows Servers.
Hands-on experience in customizing Splunk dashboards, visualizations, and configurations using customized Splunk queries.
Monitored the Splunk infrastructure for capacity planning, scalability, and optimization.
Monitored license usage, indexing metrics, Index Performance, Forwarder performance, and death testing.
Splunk Architecture/Engineering and Administration for SOX monitoring and control compliance.
Design and implement Splunk Architecture (Indexer, Deployment server, Search heads, and Forwarder management), create/migrate existing Dashboards, Reports, and Alerts, on a daily/weekly schedule to provide the best productivity and service to the business units and other stakeholders.
Involved in standardizing Splunk forwarder deployment, configuration and maintenance across UNIX and Windows platforms.
LogRhythm experience to design, implement, and manage comprehensive security monitoring solutions for clients across various industries.
Responsible for troubleshooting various indexing issues by analyzing Splunk logs such as splunkd.log, and metrics.log ingested as internal index.
Supported and implemented solutions covering the full data lifecycle (search and investigate, add knowledge, monitor and alert, report and analyze). Followed agile and scrum processes throughout the implementation.

Client: ANZ Bank - Bengaluru, India Nov 2014 to Dec 2015
Splunk Admin

Responsibilities:
Installed, Configured, Maintained, Tuned and Supported Splunk Enterprise Server 6.0 and Splunk Universal Forwarder 6.0.
Administered a complex cluster-based environment involving search heads in a cluster while the indexers were in standalone mode.
Configured Splunk forwarder to send unnecessary log events to "Null Queue" using props and transforms configurations.
Created and configured management reports and dashboards in Splunk for application log monitoring.
Actively monitored jobs through alert tools, responded to log events with the appropriate action, analyzed the logs and escalated critical issues to higher-level teams.
Responsible for developing Splunk queries and dashboards targeted at understanding application performance and capacity analysis.
Extensive experience in setting up Splunk to monitor the customer volume and track customer activity.
Have been involved as a Splunk Admin in capturing, analyzing and monitoring front-end and middleware applications.
Created shell scripts to install Splunk forwarders on all servers and configure them with common configuration files such as bootstrap scripts, outputs.conf and inputs.conf.
Extensively used Splunk Search Processing Language (SPL) queries, Reports, Alerts and Dashboards.
Installed and implemented the Splunk App for Enterprise Security, documented best practices for the installation and performed knowledge transfer on the process.
Used DB Connect for real-time data integration between Splunk Enterprise and databases.
Masked customer-sensitive data at the forwarder level; able to manage distributed search across a set of indexers.
Administered various shell and Python scripts for monitoring and automation.
Administered MS SQL Server: created user logins with appropriate roles, dropped and locked logins, monitored user accounts, created groups, and granted privileges to users and groups.

Client: HSBC - Bengaluru, India Feb 2012 to Nov 2014
PL/SQL Developer

Responsibilities:
Responsible for analysis, design, coding, debugging and testing of the processes/programs necessary to extract data from operational databases, transform and clean the data, and load it into the data warehouse.
Experience writing SQL and PL/SQL stored procedures to meet the business requirements and transformations.
Developed PL/SQL triggers and master tables for the automatic creation of primary keys.
Used Dynamic SQL to implement DDL statements in PL/SQL programs.
Worked with the team to design, develop, test and implement the system. Created database objects such as tables and procedures using Oracle tools like PL/SQL and TOAD. Wrote stored procedures using PL/SQL.
Responsible for developing PL/SQL Functions, Procedures, Packages, Cursors and Triggers.
Created programming code using advanced concepts of Records, Collections and Dynamic SQL.
Extensively used error and exception handling techniques for validation purposes in code.
Created Functions for duty calculations and validation of the inputs.
Involved in the development of applications using PL/SQL constructs such as cursors, exception handlers, loops and records, and SQL queries.
Generated specific reports using Crystal Reports.
Developed scripts for checking Oracle errors in alert logs and trace files every 15 minutes.
Involved in coding with SQL, PL/SQL function, stored procedure, packages, triggers, and Materialized view for Oracle database.
Successfully performed data replication using Materialized views.
Implementing Best Practices for optimizing and tuning the database.
Monitoring the database audit log.

Client: Accenture - Bangalore, India Sep 2010 to Feb 2012
SQL Developer

Responsibilities:
Designed, Coded, Tested, and Implemented the Stored Procedures to support the System.
Fixed bugs in the existing in-house developed software used to upload reports for end users to view.
Created records, tables and collections (nested tables and arrays) to improve query performance by reducing context switching.
Participated in code reviews of Oracle views and PL/SQL procedures to understand the testing needs of the changed components.
Involved in writing PL/SQL packages, functions, stored procedures and database triggers.
Created huge database packages with related functions and procedures.
Added database triggers to some history tables of the database.
Created and configured SQL mail to send mail as events occur.

Education:
Master's in Computer Science from Pacific States University in 2017
