The Splunk Enterprise Certified Admin (SPLK-1003) certification validates an individual's proficiency in managing Splunk environments, covering tasks such as installation, configuration, and monitoring of Splunk Enterprise. It certifies that professionals can manage users, data inputs, and knowledge objects while optimizing search functionalities and system performance. The certification is ideal for IT administrators responsible for maintaining operational efficiency and security using Splunk’s powerful data analytics platform.
Why is Splunk Enterprise Certified Admin (SPLK-1003) important?
Who should take the Splunk Enterprise Certified Admin (SPLK-1003) Exam?
Skills Evaluated
Candidates taking the Splunk Enterprise Certified Admin (SPLK-1003) certification exam are evaluated on the following skills:
Splunk Enterprise Certified Admin (SPLK-1003) Certification Course Outline
The Splunk Enterprise Certified Admin (SPLK-1003) Certification covers the following topics:
1. Splunk Admin Basics
1.1 Identify Splunk components
2. License Management
2.1 Identify license types
2.2 Understand license violations
3. Splunk Configuration Files
3.1 Describe Splunk configuration directory structure
3.2 Understand configuration layering
3.3 Understand configuration precedence
3.4 Use btool to examine configuration settings
4. Splunk Indexes
4.1 Describe index structure
4.2 List types of index buckets
4.3 Check index data integrity
4.4 Describe indexes.conf options
4.5 Describe the fishbucket
4.6 Apply a data retention policy
5. Splunk User Management
5.1 Describe user roles in Splunk
5.2 Create a custom role
5.3 Add Splunk users
6. Splunk Authentication Management
6.1 Integrate Splunk with LDAP
6.2 List other user authentication options
6.3 Describe the steps to enable Multifactor Authentication in Splunk
7. Getting Data In
7.1 Describe the basic settings for an input
7.2 List Splunk forwarder types
7.3 Configure the forwarder
7.4 Add an input to UF using CLI
8. Distributed Search
8.1 Describe how distributed search works
8.2 Explain the roles of the search head and search peers
8.3 Configure a distributed search group
8.4 List search head scaling options
9. Getting Data In – Staging
9.1 List the three phases of the Splunk Indexing process
9.2 List Splunk input options
10. Configuring Forwarders
10.1 Configure Forwarders
10.2 Identify additional Forwarder options
11. Forwarder Management
11.1 Explain the use of Deployment Management
11.2 Describe Splunk Deployment Server
11.3 Manage forwarders using deployment apps
11.4 Configure deployment clients
11.5 Configure client groups
11.6 Monitor forwarder management activities
12. Monitor Inputs
12.1 Create file and directory monitor inputs
12.2 Use optional settings for monitor inputs
12.3 Deploy a remote monitor input
13. Network and Scripted Inputs
13.1 Create network (TCP and UDP) inputs
13.2 Describe optional settings for network inputs
13.3 Create a basic scripted input
14. Agentless Inputs
14.1 Identify Windows input types and uses
14.2 Describe HTTP Event Collector
15. Fine Tuning Inputs
15.1 Understand the default processing that occurs during input phase
15.2 Configure input phase options, such as sourcetype fine-tuning and character set encoding
16. Parsing Phase and Data
16.1 Understand the default processing that occurs during parsing
16.2 Optimize and configure event line breaking
16.3 Explain how timestamps and time zones are extracted or assigned to events
16.4 Use Data Preview to validate event creation during the parsing phase
17. Manipulating Raw Data
17.1 Explain how data transformations are defined and invoked
17.2 Use transformations with props.conf and transforms.conf to:
a) Mask or delete raw data as it is being indexed
b) Override sourcetype or host based upon event values
c) Route events to specific indexes based on event content
d) Prevent unwanted events from being indexed
17.3 Use SEDCMD to modify raw data