Course Description

This 24-hour practical exam is designed to assess the skills and knowledge of Splunk Certified Architect candidates and is the final step toward certification. Each participant is given access to a specified number of Linux servers and a set of requirements. Participants then perform a mock deployment according to those requirements, which adhere to the Splunk Deployment Methodology and best practices.

Course Prerequisites

  • Using Splunk, Searching and Reporting with Splunk, and Creating Splunk Knowledge Objects; or Splunk Fundamentals 1 and Splunk Fundamentals 2
  • Splunk Administration; or Splunk System Administration and Splunk Data Administration
  • Architecting Splunk Enterprise Deployments


Course Objectives

Module 1 - Installation and Infrastructure

  • Install a search head, deployment server and indexers
  • Perform a scripted installation of universal forwarders



Module 2 - Configuration, Collection, and Comprehension

  • Deploy all specified configurations via deployment server
  • Gather data from forwarders and send to multiple indexes depending on use case
  • Configure and confirm index-time knowledge
  • Create search-time field extractions

Module 3 - Searching and Reporting

  • Create searches and dashboards for each required use case