Rajashekar Yelloboina

Fairfax, VA

Summary

Versatile, hands-on technology professional with more than eight years of experience specializing in Splunk and Cribl, with deep expertise in data pipeline engineering, SIEM operations, and security analytics. Proficient in client/server design and development across Red Hat, Linux, and Windows platforms. Champions the installation, configuration, migration, troubleshooting, and maintenance of Splunk Enterprise, Splunk ITSI, Splunk Cloud, and Cribl Stream across on-premises and cloud environments (AWS, Azure).

Overview

12 years of professional experience
1 Certification

Work History

Senior Splunk & Cribl Engineer

Deloitte
11.2023 - Current
  • Leads Splunk deployments on large-scale server configurations and serves as the subject matter expert for Splunk across the organization.
  • Develops security use case content, transforming information into correlation queries, templates, reports, rules, and alerts using SPL.
  • Monitors and analyzes notable events through Splunk Enterprise Security as part of the SIEM; resolves security events, risks, and reporting incidents.
  • Partners with clients on data onboarding, alert writing, and dashboard creation; documents architectural configurations, data flows, and troubleshooting guides.
  • Integrates new AWS log sources and performs log analysis and parsing for SIEM correlation.
  • Configures inputs.conf and outputs.conf to extract XML-based events to Splunk Cloud Indexers.
  • Creates and manages applications, user accounts, roles, and permissions for Splunk knowledge objects.
  • Evaluates and configures DB Connect for MySQL and Microsoft SQL; leverages Splunk DB Connect 2.0 in search head cluster environments for Oracle and MySQL.
  • Writes automation scripts for REST APIs using TestNG and conducts unit and functional testing using Selenium WebDriver.
  • Authors SQL queries in alignment with Splunk reporting requirements.
  • Installed and configured Cribl leader and worker nodes on-premises and deployed additional worker nodes in AWS and Azure environments.
  • Onboarded multiple data sources into Splunk via Cribl Stream, building data pipelines to reduce log volume and eliminate unwanted/redundant data before indexing.
  • Leveraged suppress functions to deduplicate similar events and used eval functions to create and enrich fields in raw data.
  • Applied parser functions to transform and restructure unstructured log formats, delivering clean, structured data into Splunk.
  • Built multiple REST API collectors in Cribl to ingest API-based logs into Splunk.
  • Created datasets and configured Cribl Data Lake; onboarded operational logs into the data lake for long-term retention.
  • Successfully migrated on-premises Cribl leader to Cribl Managed Cloud with zero downtime or data loss.
  • Configured log routing to multiple destinations — routing specific log formats to Splunk while directing other format types to CyberArk PTA and Dynatrace.
  • Created Cribl dashboards to monitor pipeline performance and operational health for applications and infrastructure.

Splunk Engineer

IBM
04.2021 - 10.2023
  • Integrated multiple data sources and network feeds into real-time Splunk dashboards.
  • Developed customized dashboards, visualizations, reports, and search capabilities using SPL; created content for security use cases including correlation queries, rules, and alerts.
  • Demonstrated expertise in Splunk internals — indexer strategies, parsing, indexing, performance optimization, and knowledge object management (lookups, modular inputs).
  • Contributed to SIEM solutions for detecting, responding to, and preventing security threats; implemented SSO integration for Splunk Web authentication.
  • Onboarded stakeholder data into Splunk, managing knowledge objects including macros, calculated fields, tags, events, and lookups.
  • Installed, administered, and configured Splunk Enterprise, integrating with local legacy systems.
  • Troubleshot network issues including packet loss, latency, sequence gaps, and secondary network downtime.
  • Mentored and guided team members on Splunk use cases during proof of concept (POC) engagements.
  • Demonstrated experience in Python scripting and secure coding practices.
  • Deployed Splunk ITSI to monitor business-critical applications and infrastructure, enabling predictive alerting.
  • Configured ITSI notable events review dashboards to streamline triage and root cause analysis.
  • Created KPI thresholds, adaptive thresholding, and multi-KPI service health scores within ITSI.
  • Automated service insights reporting through ITSI to provide executive-level visibility into service performance.
  • Designed and implemented ITSI glass tables, services, and KPIs for proactive IT operations monitoring.
  • Configured service trees in ITSI to establish dependencies and reduce MTTR (Mean Time to Resolve).
  • Built correlation searches in ITSI for anomaly detection and automated incident management.
  • Developed and customized ITSI dashboards for application performance and infrastructure health monitoring.

Splunk Administrator/Developer

CenturyLink
06.2019 - 03.2021
  • Installed and configured Splunk products across various environments.
  • Configured Splunk modules that included searching, reporting, knowledge objects, administration, add-ons, dashboards, clustering, and forwarder management.
  • Designed and maintained high quality Splunk dashboards for production use.
  • Managed Splunk enterprise deployments and implemented continuous integration as part of configuration management.
  • Created custom dashboards, reports, and information points for AppDynamics.
  • Configured Splunk DB Connect 2.4.0 in search head cluster environments for Oracle.
  • Deployed APM monitoring using AppDynamics and Splunk.
  • Demonstrated expertise in Splunk UI/GUI development and operations roles.
  • Created and customized Splunk applications, searches, and dashboards based on IT team and business requirements.
  • Implemented access controls, including the creation of AD (Active Directory) groups for power and user groups.
  • Integrated an add-on app for user authentication in Splunk Web.
  • Partnered with technical teams to resolve integration issues and deploy complex Splunk dashboards and reports.
  • Implemented Splunk ITSI for enterprise monitoring by building services and entities across hybrid environments.
  • Designed custom ITSI glass tables to visualize key business service health in real-time.
  • Integrated ITSI with ticketing systems to automate incident creation and escalation.
  • Optimized ITSI correlation searches to minimize false positives and improve event detection accuracy.
  • Managed Splunk configuration for different web applications and batches that included saved search, summary search, and summary indexes.
  • Handled security events affecting VMware systems, applications, infrastructure, information, and users using Splunk Enterprise Security.
  • Efficiently managed indexes, cluster indexes, Splunk web framework, data models, and pivot tables.
  • Conducted troubleshooting and configuration changes that resolved Splunk integration issues.
  • Developed customized Splunk dashboards, visualizations, configurations, reports, and search capabilities using Splunk queries.
  • Maintained data repository for data correlation and trending and analyzed application logs using the Splunk tool.

Splunk Developer

Ford
02.2018 - 05.2019
  • Constructed Splunk infrastructure and automation toolsets for related solutions.
  • Engaged in Splunk GUI development that included creating Splunk apps, searches, data models, dashboards, and reports using Splunk query language.
  • Provided ongoing support and guidance to Splunk project teams by resolving complex issues and solutions.
  • Actively participated as a Splunk Administrator by capturing, analyzing, and monitoring front-end and middleware applications.
  • Collaborated on client engagements and data onboarding, crafting alerts and dashboards using the Search Processing Language (SPL).
  • Monitored notable events through Splunk Enterprise Security (Version 3.0) as part of SIEM.
  • Developed Shell Scripts that installed Splunk Forwarders and configured common configuration files across all servers.
  • Onboarded new log sources by focusing on log analysis and parsing to enable SIEM correlation.
  • Configured inputs.conf and outputs.conf that extracted XML-based events for Splunk Cloud Indexer.
  • Created and managed apps, user accounts, roles, and permissions for knowledge objects.
  • Designed and implemented a NoSQL based database and associated RESTful web service that stored high volume user profile data for vertical teams.
  • Scripted SQL queries in alignment with Splunk requirements.
  • Developed dashboards, reports, scheduled searches, and alerts.
  • Administered Splunk in diverse environments that included Windows Servers and Red Hat Linux Enterprise Servers.

Splunk Developer

Plum Soft
08.2014 - 10.2015
  • Installed and configured Splunk products across various environments.
  • Incorporated Splunk searching and reporting modules, knowledge objects, administration, add-ons, dashboards, clustering, and forwarder management.
  • Designed and maintained high quality Splunk dashboards for production use.
  • Deployed Splunk Enterprise and implemented continuous integration as part of configuration management.
  • Assisted application teams in onboarding Splunk, which included the creation of dashboards, alerts, and reports.
  • Gained proficiency in installing and configuring both universal forwarders and heavy forwarders that ingested various data sources into Splunk.
  • Authored reports, alerts, and dashboards that utilized Splunk query language.
  • Standardized Splunk forwarder deployment, configuration, and maintenance across UNIX and Windows platforms.
  • Demonstrated expertise in Splunk DB Connect 2.0 integration within search head cluster environments for Oracle and MySQL databases.
  • Effectively managed indexes and cluster indexes along with Splunk web framework, data models, and pivot tables.
  • Resolved Splunk integration issues through troubleshooting and configuration adjustments.
  • Customized Splunk dashboards, visualizations, configurations, reports, and search capabilities using tailored Splunk queries.
  • Played a pivotal role in identifying and implementing process improvements within the team.

Education

Master of Science - Cyber Security

New England University
01.2017

Skills

  • Splunk: Enterprise 5x–8x, Splunk Cloud, Splunk ITSI, DB Connect, Enterprise Security (SIEM), Splunk Web Framework, SPL
  • Cribl Stream (Leader/Worker nodes, Pipelines, Routes, Packs, Edge Nodes), Cribl Data Lake, REST API Collectors, Cribl Managed Cloud
  • Cloud: AWS, Azure (log source integration, cloud worker deployment)
  • Languages & Scripting: SQL, PL/SQL, Python, Bash/Shell, REST API, XML
  • Operating Systems: Red Hat Linux (4, 5), Solaris (8, 9, 10), Unix, AIX, Windows 2K/XP/2003
  • Databases: Oracle 11g/10g, MySQL, DB2, Microsoft Access
  • Networking & Protocols: TCP/IP, HTTP/HTTPS, SNMP, LDAP, DNS, DHCP, FTP, Telnet
  • Web Servers: Apache Tomcat, Oracle WebLogic, JBoss, Oracle HTTP Server, MS IIS
  • Tools: Selenium WebDriver, TestNG, SOAR, TOAD, MySQL Workbench, Oracle Forms

Certification

  • Splunk Certified User
  • Splunk Certified Power User
  • Splunk Enterprise Security Certified Administrator
  • Certificate of Completion: Administering Splunk
  • SOAR Splunk Accredited Sales Representative I
  • Splunk Accredited Sales Representative II
  • Foundations of Operationalizing MITRE ATT&CK Security Analyst 1
  • Cribl Certified Observability Engineer (CCOE) User
