Splunk Training + Certification

Core Consultant Labs

Core Consultant Lab Registration

Lab Prerequisites

  • Splunk Enterprise Certified Architect

Estimated Lab Duration

  • Services Consultant Architect Practice Lab 1 (maximum 3 hours)
  • Services Consultant Architect Practice Lab 2 (maximum 4 hours)
  • Services Consultant Architect Practice Lab 3 (maximum 4 hours)
  • Implementation Fundamentals Practical Lab (maximum 8 hours)
  • Distributed Search Migration Lab (maximum 4 hours)
  • Indexer Cluster Lab (maximum 4 hours)

Course Description

This package consists of a self-paced eLearning course focused on base configs and best practices for props.conf, along with the following six self-paced labs:

Services Consultant Architect Practice Lab 1

This self-graded lab focuses on the download and installation of Splunk on four hosts. Registrants must configure a single search head, two indexers, and a monitoring console. The indexers should be configured as distributed search peers of the search head and the monitoring console.

Services Consultant Architect Practice Lab 2

This self-graded lab focuses on the configuration of a Splunk universal forwarder and on app installation using a deployment server.

Services Consultant Architect Practice Lab 3

This self-graded lab focuses on the configuration of data forwarding through an intermediate tier of universal forwarders and routing data to specific indexes based on the contents of the raw events.

Implementation Fundamentals Practical Lab

This lab, manually graded by Splunk Education, consists of six modules, as follows:

Module 1 – Establish Deployment Client Connectivity

Module 2 – Identify Data Onboarding Parameters

Module 3 – Define and Deploy Input Specification

Module 4 – Create Search-Time Field Extractions

Module 5 – Build a Dashboard

Module 6 – Submit Work for Grading

Distributed Search Migration Lab

In this self-graded lab, candidates must emulate the process of expanding a Splunk infrastructure from a single all-in-one node to a distributed (multi-indexer, plus search head) configuration.

Indexer Cluster Lab

In this self-graded lab, candidates connect a "pre-existing" infrastructure formed of two unclustered indexers, a search head, and a monitoring console, then migrate this stand-alone structure to take on a new cluster master. The new cluster master will manage the indexers in a newly-formed indexer cluster, connect the search head to the indexers, and manage index replication. Finally, the customer's data must be migrated into the clustered bucket format so that the data can be replicated across the cluster.

Please note: All candidates must be Splunk Enterprise Certified Architects to access the lab bundle.