Splunk Architect Certification Lab
This 24-hour practical exam is designed to assess the skills and knowledge of Splunk Certified Architect candidates and is the final step toward certification. Each participant is given access to a specified number of Linux servers and a set of requirements. Participants then perform a mock deployment according to the requirements, which adhere to Splunk Deployment Methodology and best practices.
The lab is facilitated by a live instructor via virtual classroom. Participants are allowed 24 hours continuous access to the servers to complete the requirements. A live instructor is available for the first 4 hours for direct facilitation.
- Using Splunk, Searching and Reporting with Splunk, and Creating Splunk Knowledge Objects
Splunk Fundamentals 1 and Splunk Fundamentals 2
- Splunk Administration
Splunk System Administration and Splunk Data Administration
- Architecting Splunk Enterprise Deployments
** 30 days of hands-on Splunk experience following completion of the above courses is recommended prior to attending the Certification Lab.
Installation and Infrastructure
- Install a search head, deployment server and indexers
- Perform a scripted installation of universal forwarders
Configuration, Collection, and Comprehension
- Deploy all specified configurations via deployment server
- Gather data from forwarders and send to multiple indexes depending on use case
- Configure and confirm index-time knowledge
- Create search-time field extractions
Searching and Reporting
- Create searches and dashboards for each required use case