This repository is NOT complete, or completely accurate. It was started - and later abandoned - during my journey towards becoming a certified Splunk architect. I recently noticed that some folks have been forking and/or starring this - and I highly recommend NOT using this as a reference.
I DO recommend my book: Splunk 7.x Quick Start Guide available from Packt Publishing and Amazon, which is a complete and accurate reference - I use it myself on a very regular basis to fill in the gaps for all the stuff you can't remember if you don't do it every day:
https://www.amazon.com/Splunk-7-x-Quick-Start-Guide-ebook/dp/B07L1MQF4V
My apologies - I should have been a more responsible repository owner.
Also: As time permits, I will be migrating the usable data from this repository to my Machine Data Insights repository located here:
https://github.com/machinedatainsights
This is a repository for a set of markdown files initially created as a study and reference guide for passing the Splunk Architect certification lab.
A secondary purpose is a set of notes for building a clustered Splunk environment for both on-premises and AWS deployments.
From the Splunk Architect Certification Lab link:
This 24-hour practical exam is designed to assess the skills and knowledge of Splunk Certified Architect candidates and is the final step toward certification. Each participant is given access to a specified number of Linux servers and a set of requirements. Participants then perform a mock deployment according to requirements which adhere to Splunk Deployment Methodology and best-practices.
The lab is facilitated by a live instructor via virtual classroom. Participants are allowed 24 hours continuous access to the servers to complete the requirements. A live instructor is available for the first 4 hours for direct facilitation.
- Using Splunk
- Searching and Reporting with Splunk
- Creating Splunk Knowledge Objects
- Splunk Administration
- Advanced Dashboards and Visualizations
- Architecting and Deploying Splunk
** 30 days of hands-on Splunk experience following completion of the above courses is recommended prior to attending the Certification Lab.
Installation and Infrastructure
- Install a search head, deployment server and indexers
- Perform a scripted installation of universal forwarders
Configuration, Collection, and Comprehension
- Deploy all specified configurations via deployment server
- Gather data from forwarders and send to multiple indexes depending on use case
- Configure and confirm index-time knowledge
- Create search time field extractions
Searching and Reporting
- Create searches and dashboards for each required use case
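The installation and configuration tasks above, worked through end to end as an added example. This script is not part of this repository or of Splunk's lab materials; it shows a scripted universal forwarder install that seeds the admin credential from a file, the deployment-server apps that push outputs and inputs so each monitored source lands in its own index, and index-time routing (TRANSFORMS) next to a search-time extraction (EXTRACT) for the same sourcetype. The hostnames (ds.example.com, idx1/idx2.example.com), index names (os, web, security), the lab_* app names, the `splunk` service user, the tarball path and the /var/log sources are all assumptions; substitute the lab's actual requirements.

```shell
#!/usr/bin/env bash
# Added example, not code from the original repository. Assumed names:
# ds.example.com / idx1,idx2.example.com, indexes os/web/security, the
# "splunk" service user, and the lab_* app names.
set -eu

# UF side: seed the admin credential from a file rather than the command line
# (so it never shows up in `ps` output or shell history; splunkd deletes
# user-seed.conf after the first start) and point the forwarder at the
# deployment server. Everything else arrives as deployed apps.
write_uf_local() {            # $1 = forwarder $SPLUNK_HOME/etc, $2 = DS host:port
  local etc="$1" ds="$2"
  mkdir -p "$etc/system/local"
  cat > "$etc/system/local/user-seed.conf" <<EOF
[user_info]
USERNAME = admin
PASSWORD = ${SPLUNK_ADMIN_PASSWORD:?export SPLUNK_ADMIN_PASSWORD first}
EOF
  cat > "$etc/system/local/deploymentclient.conf" <<EOF
[target-broker:deploymentServer]
targetUri = $ds
EOF
}

# DS side: one app for outputs (every forwarder), one for inputs, and the
# serverclass that binds them to clients. Each monitor stanza names its index,
# which is what lets retention and role-based access differ per use case.
write_deployment_apps() {     # $1 = DS $SPLUNK_HOME/etc, $2 = "host:9997,host:9997"
  local etc="$1" indexers="$2"
  mkdir -p "$etc/deployment-apps/lab_outputs/local" \
           "$etc/deployment-apps/lab_inputs/local" "$etc/system/local"
  cat > "$etc/deployment-apps/lab_outputs/local/outputs.conf" <<EOF
[tcpout]
defaultGroup = lab_indexers
[tcpout:lab_indexers]
server = $indexers
EOF
  cat > "$etc/deployment-apps/lab_inputs/local/inputs.conf" <<'EOF'
[monitor:///var/log/secure]
sourcetype = linux_secure
index = os
[monitor:///var/log/nginx/access.log]
sourcetype = access_combined
index = web
EOF
  # whitelist.0 = * binds every client; scope it by hostname in a real build.
  cat > "$etc/system/local/serverclass.conf" <<'EOF'
[serverClass:lab_forwarders]
whitelist.0 = *
[serverClass:lab_forwarders:app:lab_outputs]
restartSplunkd = true
[serverClass:lab_forwarders:app:lab_inputs]
restartSplunkd = true
EOF
}

# Indexer / search head side: TRANSFORMS runs at index time and moves one use
# case (failed SSH logins) into a separate "security" index before the event is
# written; EXTRACT runs at search time and can be changed without reindexing.
write_knowledge() {           # $1 = $SPLUNK_HOME/etc
  local app="$1/apps/lab_knowledge/local"
  mkdir -p "$app"
  cat > "$app/props.conf" <<'EOF'
[linux_secure]
TRANSFORMS-route_auth_failures = lab_route_auth_failures
EXTRACT-ssh_accept = Accepted \S+ for (?<user>\S+) from (?<src_ip>[\d.]+)
EOF
  cat > "$app/transforms.conf" <<'EOF'
[lab_route_auth_failures]
REGEX = Failed password for
DEST_KEY = _MetaData:Index
FORMAT = security
EOF
}

# Scripted UF install: run as root on each forwarder host.
install_uf() {                # $1 = splunkforwarder tarball, $2 = DS host:port
  local tarball="$1" ds="$2" home=/opt/splunkforwarder
  tar -xzf "$tarball" -C /opt
  write_uf_local "$home/etc" "$ds"
  chown -R splunk:splunk "$home"          # assumes the splunk user exists
  "$home/bin/splunk" start --accept-license --answer-yes --no-prompt
  "$home/bin/splunk" enable boot-start -user splunk
  # Show the effective, layered config; the same btool check (props/transforms)
  # is how you confirm index-time knowledge on the indexers.
  "$home/bin/splunk" btool deploymentclient list --debug
}

# Usage: SPLUNK_ADMIN_PASSWORD='...' ./uf_install.sh splunkforwarder-7.x.tgz ds.example.com:8089
if [ -n "${1:-}" ]; then install_uf "$1" "${2:-ds.example.com:8089}"; fi
```

The outputs stanza above ships events over plain TCP on 9997, which is the usual lab default; for a real deployment enable TLS between forwarders and indexers and on the deployment server's management port, since the forwarders fetch their configuration (including any credentials you put in apps) over that channel.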