Course Description

This 24-hour practical exam is designed to assess the skills and knowledge of Splunk Certified Architect candidates and is the final step toward certification. Each participant is given access to a specified number of Linux servers and a set of requirements. Participants then perform a mock deployment according to requirements which adhere to Splunk Deployment Methodology and best practices.

Course Prerequisites

  • Splunk Fundamentals 1 
  • Splunk Fundamentals 2
  • Splunk System Administration
  • Splunk Data Administration
  • Architecting Splunk Enterprise Deployments


Course Objectives

Installation and Infrastructure

  • Install a search head, deployment server and indexers
  • Perform a scripted installation of universal forwarders

Configuration, Collection, and Comprehension

  • Deploy all specified configurations via deployment server
  • Gather data from forwarders and send to multiple indexes depending on use case
  • Configure and confirm index-time knowledge
  • Create search-time field extractions

Searching and Reporting

  • Create searches and dashboards for each required use case