Splunk Architect Certification Lab

This 24-hour practical exam is designed to assess the skills and knowledge of Splunk Certified Architect candidates and is the final step toward certification. Each participant is given access to a specified number of Linux servers and a set of requirements. Participants then perform a mock deployment according to the requirements, which adhere to Splunk Deployment Methodology and best practices.


Lab Format

The lab is facilitated by a live instructor via virtual classroom. Participants are allowed 24 hours of continuous access to the servers to complete the requirements. A live instructor is available for the first 4 hours for direct facilitation.


  • Using Splunk, Searching and Reporting with Splunk, and Creating Splunk Knowledge Objects
    Splunk Fundamentals 1 and Splunk Fundamentals 2
  • Splunk Administration
    Splunk System Administration and Splunk Data Administration
  • Architecting Splunk Enterprise Deployments

** 30 days of hands-on Splunk experience following completion of the above courses is recommended prior to attending the Certification Lab.

Course Objectives

Installation and Infrastructure

  • Install a search head, deployment server and indexers
  • Perform a scripted installation of universal forwarders

Configuration, Collection, and Comprehension

  • Deploy all specified configurations via deployment server
  • Gather data from forwarders and send to multiple indexes depending on use case
  • Configure and confirm index-time knowledge
  • Create search-time field extractions

Searching and Reporting

  • Create searches and dashboards for each required use case