Client: HSBC
Role: Splunk Developer
Location: Hyderabad, India (March’18 – July 21)
Role: Splunk ITSI Developer/Admin
Location: New York, Oct’21 – Till Date
Responsibilities:
Splunk is a logging system for telecoms infrastructure. Logging is required for troubleshooting, compliance and various different types of analysis on the infrastructure. All telecoms infrastructure uses the 'Syslog' format for sending logs to Splunk. The Syslog format is a standard in the computing industry for system logging.
· Working as a Consultant and a Global SME for Splunk.
· Provided solutions for Splunk and Splunk Apps for Enterprise solutions. Having sound knowledge of installation and of integrating Splunk with a wide variety of data sources that use a variety of protocols.
· Installation and configuration of syslog-ng for syslog collection from devices.
· Manage Elastic Stack as a shared service across on-prem and cloud.
· Infrastructure design for the ELK clusters. Elasticsearch, Filebeat, Logstash performance and configuration Tuning.
· Have Prepared Elasticsearch documentation and trained the team to perform day-to-day operations like backup, reindexing, restore, creating index patterns, troubleshooting frequently occurring issues.
· Involved in the designing of Splunk Enterprise and migrated the data from ELK to Splunk using indexes.
· Also handled Enterprise Admins in all phases of getting data into Splunk (from pre-indexing to post-indexing statistical data analysis).
· Integrating security solutions with existing products and helping identify cyberattacks by using UEBA (User Entity Behavior Analysis) platform applications.
· Expert in Splunk search language and able to create and optimise complex, extensive data correlations, and having good experience in Regular Expressions (REGEX).
· Expert in Splunk and Splunk Enterprise architecture to design, implement, and troubleshoot deployment, maintenance, and upgrade solutions for deployments of Enterprise Management.
· Identifying F5 threat detection WAF and log4j attacks and developing dashboards which provided insights to the security team to identify the patterns and remediate them.
· Developed a workflow in Splunk by integrating with other sources to provide end-to-end mapping of service impact if there is any issue in the datacenter infrastructure.
· Proactive measures for Bluecoat capacity, such as CPU and in/out traffic flow.
· Identifying configuration change detection in the devices from the syslog and integration with the Network Automation tool to initiate a backup of the config to satisfy compliance standards.
· Building the automation for triggering the workflow in Itential based on event detection in Splunk.
· Handled a large-scale multisite cluster with Disaster Recovery. Done capacity planning and sizing regularly.
· Provided L3 technical support for NNM for management of network devices (Routers, Switches, Firewalls, Wireless, Load Balancer etc.) monitoring, the configuration of various correlations & suppression logics, protocol-based monitoring, the configuration of various iSPIs (Performance for Metrics, Performance for Traffic, IP Telephony, IP Multicast & Quality Assurance), report customization, and integration with other HP tools and third-party applications.
· Provided technical support for Network Automation. Deployment of various policies and task configuration, Integration with NNM, Report creation and auto-scheduling of reports.
· Performed threat hunting, Incident Response (IR) using Carbon Black Endpoint Detection and Response (EDR). Developed correlation rules and conducted incident analysis using Splunk ES and Exabeam UBA, UEBA.
· Created formal documentation such as reports, training material, slide decks, and architecture diagrams.
· Handled the Splunk & NNM migration project from older version to latest version for all regions.
· Worked on automation of tools by using Python scripts.
Copyright© Cosette Network Private Limited All Rights Reserved