Splunk

Highlights

Role: Architect and Technical Lead
Largest Infrastructure: 240 indexers in 3 sites, 49 Search Heads in 3 Clusters
Splunk Versions: 6.x -> 9.x
Peak Daily Ingest: 30TB/Day
Add-ons Managed: Splunk Enterprise Security, Splunk ITSI, Splunk SOAR
Data Sources: Splunk Universal Forwarder, AWS S3 (+ SQS), AWS Kinesis, Azure Event Hubs, Oracle, MSSQL and MySQL databases, Kubernetes and container logs, Syslog, Linux & Windows server performance data, IPMI data, Carbon Black event data
Certifications: Splunk Architect II (v6.6), SplunkTrust (2019)

I have been a Splunk Consultant, Architect, Tech Lead, and Administrator for 7 years. Splunk is still the most cost-effective tool for analysis of large sets of unstructured and semi-structured data.

I have architected, deployed, and administered Splunk installations including:

  • single-instance environments with Enterprise Security for startup security teams
  • single-instance to multi-site clusters ingesting tens of terabytes a day
  • expanding a production Splunk environment from a 10-indexer cluster to two 120-node indexer clusters with 3 Search Head clusters, running ITSI and Enterprise Security
  • architecting the expansion of a 15TB/day cluster to accommodate 50TB/day, with multi-site availability and able to accommodate 5x user burst capacity
  • performance tuning and installation of ITSI and Splunk Enterprise Security

A self-service platform like Splunk can become the victim of its own success as its popularity within the organization grows. I can identify which parts of a Splunk cluster are poorly utilized, and work with customers to optimize data ingestion and queries.

I have worked with threat detection teams, silicon engineers, software developers, business compliance teams, manufacturing IT departments, network engineers, AIOps, DevOps, and SecOps teams to design and optimize queries and dashboards.

Complex queries on semi-structured data used to be a specialty of mine, but more recently I have encouraged the use of observability pipelines to transform unstructured data into structured logs or even metrics.

I am an experienced technical lead and can lead and mentor junior Splunk administrators and developers, as well as present roadmaps and budget plans to management.

Contact Me

My name is John-Paul Lumsdaine. I'm a Splunk Architect and Data Engineer living in Ireland. I speak English and hold Australian citizenship and Irish permanent residency. Click on any of the tiles above for more details about my areas of expertise.

I'm available for consulting, contract and full-time roles. If you think I might be a good fit for your project or team then let's connect!

My Dog and I

Address

Cork, Ireland