ashraf salah eldian

• Designed scalable and reliable Splunk architectures for on-premises, hybrid, or cloud
environments for including data modeling, parsing, and indexing strategies.
• Developed data onboarding strategies to ensure comprehensive log coverage from
systems, applications, and cloud platforms.
• Designed and implemented Splunk Enterprise including provisioning of UF, Heavy
Forwarders, Syslog Servers and ITSI infrastructure to provide high availability across
multiple data centers and support cloud integration efforts.
• Highly experienced in Installing, configuring, and maintaining Splunk infrastructure,
including forwarders, indexers, and search heads.
• Built customized dashboards, alerts, and reports to meet business and security
requirements.
• Provided extensive production support, troubleshooting issues such as missing logs (UF,
Syslog, API, DB Connect, HEC), configuration mismatches, KV store failures, and network
problems.
• Having Expert level experience in writing Splunk search processing language (SPL) for
creating complex search queries/correlations, CIM compliance, Datamodel management.
• Excellent analytical and problem-solving skills with the ability to address complex issues
such as by troubleshooting ingestion errors—addressing malformed events, timestamp
issues, duplicate logs, CRC issues and incorrect sourcetype assignments.
• Conducted capacity planning and performance tuning of Splunk instances and
implemented retention policies, index lifecycle management, and storage optimization.
• Integrated Splunk with various data sources such as AWS CloudTrail, Azure Activity Logs,
and Zscaler streams, analyzing the data for parsing to make it CIM compliant.
• Proficient in both Linux and Windows environments in Splunk deployment and
infrastructure on AWS, utilizing services like EC2, S3, CloudWatch, CloudTrail, VPC,
CloudFront to meet compliance and performance needs.
• Put massive amount of efforts to cleanse noisy or malformed data at ingest time, resolving
issues like timestamp mismatches, sourcetype misclassification, CRC duplication, and
parsing failures.
• Led the development of custom integration modules using Python, REST APIs, and scripted
inputs to connect Splunk with external log sources and incident response systems.
• Provided technical Splunk support and training to end-users and stakeholders.
• Develop and maintain documentation for system configurations, processes, and
procedures.
• Worked closely with cross-functional teams to design and implement monitoring solutions
that enhance the visibility and security of the IT environment.
• Maintain, upgrade, and troubleshoot issues with SPLUNK clusters along with managing,
patching and updates of Splunk hosts.
• Built advanced dashboards to visualize daily license usage, incident volumes, firewall
blockage, pipeline blockage, ticket SLAs, and host, source, sourcetype monitoring for
Security, and Infrastructure teams.
• Defined and scheduled background searches and summary jobs to reduce dashboard load
time, implementing cron expressions and time window tuning for efficiency.
• Designed, developed Custom advanced Splunk dashboards, schedule reports and alerts in
support of the Incident Response team.
• Integrated Splunk with other security tools (e.g., SIEM, SOAR, endpoint protection, threat
intelligence feeds).
• Installed, upgraded, and maintained required SPLUNK applications and add-ons such as
Splunk Add-on for AWS, dbconnect, duo security, Thinkst Canary tools.
• Monitored SPLUNK daily health status for cluster status, health status, and other issues,
and resolve as needed to take necessary action.
• Strong background on onboarding structured/unstructured data using UF/HF, syslog, APIs,
HEC, DB Connect ensuring CIM compliance and properly parsed field extractions.

 Infrastructure and Operation (Research & Development. System Technology Specialist).
 Designed a corporate security hardening road map. Include implementation of DMZ, VPN implementation as well as wireless LAN security.
 Participated in the project to immigrate Dal Group to the new infrastructure. The tasks included designing and implementing infrastructure system. The tasks include installation of the active directory, Exchange (2003 complete mailing system (back-end, front end and SMTP Servers), ISA Server 2004 & 2006, Certificate Servers, Remote servers and External DNS server.
 Designed and implemented a complete centralized backup-system using Microsoft Data Protection Manager 2007 and Symantec Backup-exec 2010 as part of the Disaster recovery project.
 San (Storage Area Network) solution for Implementing High availability for the running services.
 Implement a complete Infrastructure Project for Dal Group Dubai and Dal Group China; include mailing and system applications using Microsoft windows 2008 server and Microsoft Exchange 2007.

• Extensive background in developing splunk use cases, dashboards, alerts, reports to
provide
• Conducted capacity planning and performance tuning of Splunk instances and
implemented retention policies, index lifecycle management, and storage optimization.
• Administered distributed Splunk infrastructure components, ensuring high availability
across search heads, indexers, and data collection nodes.
• Customized system configurations via .conf file tuning to align with unique operational use
cases and compliance standards.
• Monitored system health, logs, and capacity to proactively address performance
bottlenecks and maintain optimal system uptime.
• Designed and built custom Technical Add-ons (TAs) to simplify onboarding of application
and platform logs.
• Assessed and implemented data onboarding strategies for niche log formats and evolving
business-driven telemetry sources.
• Streamlined ingestion pipelines by optimizing parsing, line-breaking, timestamp extraction,
and metadata tagging.
• Oversaw deployment and fine-tuning of HTTP Event Collector (HEC) endpoints to manage
high-throughput, reliable event intake.
• Created user-centric dashboards and visual analytics to deliver real-time visibility into
business-critical metrics.
• Developed efficient SPL queries and reports to surface key operational trends and
anomalies.
• Deployed and managed core configuration elements including inputs, outputs, props,
transforms, and server classes.
• Automated repetitive admin tasks through scripted solutions to boost operational efficiency
and scalability.
• Served as a trusted advisor on platform tuning, query acceleration, and distributed search
best practices.
• Worked alongside cross-functional teams to understand telemetry needs and transform
them into technical solutions using Splunk tooling.
• Demonstrated hands-on expertise in designing TA lifecycle workflows, from metadata
definitions to field extraction strategies.
• Delivered solutions to enhance observability using advanced dashboards, custom
visualizations, and real-time alerting logic.

• Planning, Installation, configuration and administration of VMware ESXI hosts, ESX 6.5,
vCSA-6.7,
• virtual machines (400 VMs on 30 hosts on Dell FX Chassies.)- working on HA, vMotion, DRS,
iSCSI SAN.
• Responsible of planning, and operating servers backups using CommVault, VEEAM and
Azures Recovery Services Vault and Disaster Recovery using Azure Site Recovery and
Zerto Virtual Manager
• Automating VMs creation using template to deploy Windows and Ubuntu servers.
• Planning, configuring and managing RDS farms with 100 CALs and 15 published
applications.
• Planning, Installation, configuration and administration of NetApp Cloud Storage Services
• Configuring and managing Adaxes; AD operations automation tool.
• Responsible for creating PowerShell scripts to automate servers operations.
• Managing the organizations Exchange and office365 online system in a hybrid set-up.
• Responsible for Active Directory administration activities on Windows 2016 for over 2000+
users, GPOs, AD replications, DNS and DHCP servers and Azure AD Connect sync and SSO.
• Administering SCCM with 10 DPs; configuring and monitoring updates & 3rd party apps
updates, creating query-based collections, DSC using CI/BL on servers/workstations,
deploying Operating System Images using OSD and MDT Task Sequences.
• Serving as Tier4 support for Helpdesk and Desktop Support teams.
• Monitoring and maintenance of the COLO Datacenter.
• Monitoring servers resources both virtual and physical (CPU, memory, disk, network),
Routers, Switches using WMI and SNMP sensors and Site24x7 and PRTG monitoring tools.
• Provide performance and license tuning for systems and troubleshoot SPLUNK components
across multiple network environments.

• Extensive background in developing splunk use cases, dashboards, alerts, reports to
provide actionable insight into system performance and reliability based on the
business requirement & different sources of data, including databases &
third-party systems.
• Designed and implemented advanced dashboards by leveraging optimized complex SPL
queries, including conditional logic, base search, statistical aggregations, and regex-based
field extractions, spath, tstats, eval functions to drive actionable insights across the
enterprise for large scale datasets.
• Created scripted inputs for data ingestion, alerting, and dashboard functions.
• Built interactive dashboards with dropdown filters, drilldowns, and token-driven workflows
to deliver custom analytics experiences for operations, application performance, and
InfoSec teams.
• Maintained and automated external data enrichment through scheduled lookup file
updates (CSV/KV Store), enhancing the analytical depth of real-time events.
• Troubleshot critical issues and bottlenecks within searches, knowledge objects, and
forwarder performance, significantly improving uptime and search responsiveness.
• Integrated cloud-native telemetry—such as AWS CloudTrail, Azure Activity Logs, and
Zscaler streams—into Splunk, ensuring consistent visibility across hybrid environments.
• Delivered search-time performance improvements by developing macros, calculated fields,
and efficient field extractions using props/transforms, aligning with CIM standards.
• Maintained and automated external data enrichment through scheduled lookup file
updates (CSV/KV Store), enhancing the analytical depth of real-time events.
• Closely Collaborated with cloud-native platforms and compliance teams to audit and
reassign unused or orphaned knowledge objects, using a combination of REST API calls and
UI-based audits
• Engineered efficient visual interfaces using summary indexes, enabling fast-loading
dashboards that support long-term historical analysis and capacity planning.
• Developed complex SPL queries, datamodels for data normalization, macros, and custom
search commands for high-performance dashboards, alerts, and real-time analytics.
• Developed and optimized summary indexing solutions to improve dashboard performance
and enable long-term trend analysis with reduced search-time cost.
• Developed dynamic dashboards utilizing summary index for post-process searches and
lookup-based filters, improving response time and interactivity.
• Created, managed, and automated lookup tables (CSV and KV store) to enrich events with
external business context, improving data correlation and visualization.
• Built real-time custom advanced dashboards and visualizations tailored to operational,
application, and security use cases.
• Implemented modular dashboards using drilldowns, base searches, and tokens to deliver
performance-efficient reporting for various stakeholders.
• Collaborated with platform team to clean up and reassess ownership of stale knowledge
objects across apps using REST API and GUI.
• Managed CIM mappings and data model accelerations to ensure compatibility with
Enterprise Security (ES) and improve correlation search execution.
• Integrated AWS/Azure logs (CloudTrail, CloudWatch/ AWS VPC Flow Logs/ AWS Security
Hub ) and third-party security tools into Splunk for enhanced visibility.
• Built advanced dashboards to visualize daily license usage, incident volumes, firewall
blockage, pipeline blockage, ticket SLAs, and host, source, sourcetype monitoring for
Security, and Infrastructure teams.
• Defined and scheduled background searches and summary jobs to reduce dashboard load
time.