This is a repository for a set of markdown files initially created as a study and reference guide for passing the Splunk Architect certification lab.
A secondary purpose is to serve as a set of notes for building a clustered Splunk environment, both on-premises and in AWS.
From the Splunk Architect Certification Lab link:

> This 24-hour practical exam is designed to assess the skills and knowledge of Splunk Certified Architect candidates and is the final step toward certification. Each participant is given access to a specified number of Linux servers and a set of requirements. Participants then perform a mock deployment according to requirements which adhere to Splunk Deployment Methodology and best practices.
>
> The lab is facilitated by a live instructor via virtual classroom. Participants are allowed 24 hours of continuous access to the servers to complete the requirements. A live instructor is available for the first 4 hours for direct facilitation.
- Using Splunk
- Searching and Reporting with Splunk
- Creating Splunk Knowledge Objects
- Splunk Administration
- Advanced Dashboards and Visualizations
- Architecting and Deploying Splunk
Note: 30 days of hands-on Splunk experience following completion of the above courses is recommended prior to attending the Certification Lab.
## Installation and Infrastructure

- Install a search head, deployment server and indexers
- Perform a scripted installation of universal forwarders

## Configuration, Collection, and Comprehension

- Deploy all specified configurations via deployment server
- Gather data from forwarders and send to multiple indexes depending on use case
- Configure and confirm index-time knowledge
- Create search-time field extractions

## Searching and Reporting

- Create searches and dashboards for each required use case