Splunk Enterprise Certified Admin (SPLK-1003)

About Splunk Enterprise Certified Admin Exam

The Splunk Enterprise Certified Admin exam is the final step towards completion of the Splunk Enterprise Certified Admin certification. This upper-level certification exam evaluates a candidate’s knowledge and skills to manage various components of Splunk on a daily basis, including the health of the Splunk installation. Candidates are recommended to complete the lecture, hands-on labs, and quizzes that are part of the Splunk Enterprise System Administration and Splunk Enterprise Data Administration courses in order to be prepared for the certification exam. 

The Splunk Enterprise System Administration course exam focuses on administrators who manage a Splunk Enterprise environment. The Splunk Enterprise Data Administration exam targets administrators who are responsible for getting data into Splunk. 

Required Prerequisite Certification

• Splunk Core Certified Power User

Recommended Prerequisite Courses

• Splunk Enterprise System Administration
• Splunk Enterprise Data Administration

The following content areas are general guidelines for the content to be included on the exam:

• Splunk deployment overview
• License management
• Splunk apps
• Splunk configuration files
• Users, roles, and authentication
• Getting data in
• Distributed search
• Introduction to Splunk clusters
• Deploy forwarders with Forwarder Management
• Configure common Splunk data inputs
• Customize the input parsing process 

Course Structure

The Splunk Enterprise Certified Admin exam covers the following topics -

1. Splunk Admin Basics

1.1 Identify Splunk components

2. License Management

2.1 Identify license types

2.2 Understand license violations

3. Splunk Configuration Files

3.1 Describe Splunk configuration directory structure

3.2 Understand configuration layering

3.3 Understand configuration precedence

3.4 Use btool to examine configuration settings

4. Splunk Indexes

4.1 Describe index structure

4.2 List types of index buckets

4.3 Check index data integrity

4.4 Describe indexes.conf options

4.5 Describe the fishbucket

4.6 Apply a data retention policy

5. Splunk User Management

5.1 Describe user roles in Splunk

5.2 Create a custom role

5.3 Add Splunk users

6. Splunk Authentication Management

6.1 Integrate Splunk with LDAP

6.2 List other user authentication options

6.3 Describe the steps to enable Multifactor Authentication in Splunk

7. Getting Data In

7.1 Describe the basic settings for an input

7.2 List Splunk forwarder types

7.3 Configure the forwarder

7.4 Add an input to UF using CLI

8. Distributed Search

8.1 Describe how distributed search works

8.2 Explain the roles of the search head and search peers

8.3 Configure a distributed search group

8.4 List search head scaling options

9. Getting Data In – Staging

9.1 List the three phases of the Splunk Indexing process

9.2 List Splunk input options

10. Configuring Forwarders

10.1 Configure Forwarders

10.2 Identify additional Forwarder options

11. Forwarder Management

11.1 Explain the use of Deployment Management

11.2 Describe Splunk Deployment Server

11.3 Manage forwarders using deployment apps

11.4 Configure deployment clients

11.5 Configure client groups

11.6 Monitor forwarder management activities

12. Monitor Inputs

12.1 Create file and directory monitor inputs

12.2 Use optional settings for monitor inputs

12.3 Deploy a remote monitor input

13. Network and Scripted Inputs

13.1 Create network (TCP and UDP) inputs

13.2 Describe optional settings for network inputs

13.3 Create a basic scripted input

14. Agentless Inputs

14.1 Identify Windows input types and uses

14.2 Describe HTTP Event Collector

15. Fine Tuning Inputs

15.1 Understand the default processing that occurs during input phase

15.2 Configure input phase options, such as sourcetype fine-tuning and character set encoding

16. Parsing Phase and Data

16.1 Understand the default processing that occurs during parsing

16.2 Optimize and configure event line breaking

16.3 Explain how timestamps and time zones are extracted or assigned to events

16.4 Use Data Preview to validate event creation during the parsing phase

17. Manipulating Raw Data

17.1 Explain how data transformations are defined and invoked

17.2 Use transformations with props.conf and transforms.conf to:

a) Mask or delete raw data as it is being indexed

b) Override sourcetype or host based upon event values

c) Route events to specific indexes based on event content

d) Prevent unwanted events from being indexed

17.3 Use SEDCMD to modify raw data

Exam Pattern 

• Exam Name: Splunk Enterprise Certified Admin
• Exam Code: SPLK-1003
• Number of Questions: 56 Questions
• Length of Time:  60 minutes
• Exam Language: English
  

What do we offer?

• 5 full-length mock test with unique questions in each test set
• Practice objective questions with section-wise scores
• An in-depth and exhaustive explanation for every question
• Reliable exam reports evaluating strengths and weaknesses
• Latest Questions with an updated version
• Tips & Tricks to crack the test
• Unlimited access

What are our Practice Exams?

• Practice exams have been designed by professionals and domain experts that simulate real time exam scenario.
• Practice exam questions have been created on the basis of content outlined in the official documentation.
• Each set in the practice exam contains unique questions built with the intent to provide real-time experience to the candidates as well as gain more confidence during exam preparation.
• Practice exams help to self-evaluate against the exam content and work towards building strength to clear the exam.
• You can also create your own practice exam based on your choice and preference 

100% Assured Test Pass Guarantee

We have built the TestPrepTraining Practice exams with 100% Unconditional and assured Test Pass Guarantee!