Use this quick start guide to collect all the information about the Splunk Enterprise Admin (SPLK-1003) certification exam. This study guide provides a list of objectives and resources that will help you prepare for items on the SPLK-1003 Splunk Enterprise Certified Admin exam. The Sample Questions will help you identify the type and difficulty level of the questions, and the Practice Exams will make you familiar with the format and environment of the exam. You should refer to this guide carefully before attempting your actual Splunk Enterprise Administrator certification exam.
The Splunk Enterprise Admin certification is targeted mainly at candidates who want to build a career in the Enterprise domain. The Splunk Enterprise Certified Administrator exam verifies that the candidate possesses the fundamental knowledge and proven skills in the area of Splunk Enterprise Administrator.
Splunk Enterprise Admin Exam Summary:
Exam Name | Splunk Enterprise Certified Administrator |
Exam Code | SPLK-1003 |
Exam Price | $130 (USD) |
Duration | 60 mins |
Number of Questions | 56 |
Passing Score | 700 / 1000 |
Books / Training | Splunk Enterprise Certified Admin Learning Path |
Schedule Exam | Pearson VUE |
Sample Questions | Splunk Enterprise Admin Sample Questions |
Practice Exam | Splunk SPLK-1003 Certification Practice Exam |
Splunk SPLK-1003 Exam Syllabus Topics:
Topic | Details | Weights |
---|---|---|
Splunk Admin Basics | - Identify Splunk components | 5% |
License Management | - Identify license types - Understand license violations | 5% |
Splunk Configuration Files | - Describe Splunk configuration directory structure - Understand configuration layering - Understand configuration precedence - Use btool to examine configuration settings | 5% |
Splunk Indexes | - Describe index structure - List types of index buckets - Check index data integrity - Describe indexes.conf options - Describe the fishbucket - Apply a data retention policy | 10% |
Splunk User Management | - Describe user roles in Splunk - Create a custom role - Add Splunk users | 5% |
Splunk Authentication Management | - Integrate Splunk with LDAP - List other user authentication options - Describe the steps to enable Multifactor Authentication in Splunk | 5% |
Getting Data In | - Describe the basic settings for an input - List Splunk forwarder types - Configure the forwarder - Add an input to UF using CL | 5% |
Distributed Search | - Describe how distributed search works - Explain the roles of the search head and search peers - Configure a distributed search group - List search head scaling options | 10% |
Getting Data In - Staging | - List the three phases of the Splunk Indexing process - List Splunk input options | 5% |
Configuring Forwarders | - Configure Forwarders - Identify additional Forwarder options | 5% |
Forwarder Management | - Explain the use of Deployment Management - Describe Splunk Deployment Server - Manage forwarders using deployment apps - Configure deployment clients - Configure client groups - Monitor forwarder management activities | 10% |
Monitor Inputs | - Create file and directory monitor inputs - Use optional settings for monitor inputs - Deploy a remote monitor input | 5% |
Network and Scripted Inputs | - Create network (TCP and UDP) inputs - Describe optional settings for network inputs - Create a basic scripted input | 5% |
Agentless Inputs | - Creating Windows Management Instrumentation (WMI) inputs - Describe HTTP Event Collector | 5% |
Fine Tuning Inputs | - Understand the default processing that occurs during input phase - Configure input phase options, such as sourcetype fine-tuning and character set encoding | 5% |
Parsing Phase and Data | - Understand the default processing that occurs during parsing - Optimize and configure event line breaking - Explain how timestamps and time zones are extracted or assigned to events - Use Data Preview to validate event creation during the parsing phase | 5% |
Manipulating Raw Data | - Explain how data transformations are defined and invoked - Use transformations with props.conf and transforms.conf to: - Use SEDCMD to modify raw data | 5% |
To ensure success in the Splunk Enterprise Administrator certification exam, we recommend an authorized training course, practice tests and hands-on experience to prepare for the Splunk Enterprise Certified Admin (SPLK-1003) exam.