After a few years as a Splunk Administrator it was finally time for me to get my Splunk Enterprise Architect certification. In this blog I will share my journey through the different courses and what I did to prepare myself for the practical and theoretical exams.
Before starting your Splunk architect courses you should have the following certifications:
Make sure these certifications are still valid since they expire 3 years after obtaining them. You can still follow the courses for Splunk Enterprise Architect if they have expired, but you will not be able to take the last exam at Pearson VUE until you renew them both.
These are the three courses you have to follow:
Prerequisite Courses :
During two of the three required courses you will have access to lab environments, use the time you have left after completing the assignment to look at the assignments and make notes on the commands you used.
Make sure you make notes during the courses about best practices and things like search factor/replication factor and site settings, these notes will help you out when you take the practical lab.
Since you are required to do a practical lab to obtain the Enterprise Architect certification I highly recommend building your own Splunk environment lab. If you have a pc or laptop with 16 GB you could use a couple of VM’s with minimal cpu/memory (1/1GB) to build your own Splunk clusters. For a cluster you could build something like the following set up:
For a license you could request a developer license at:
https://dev.splunk.com/enterprise/dev_license/
That way you really get some experience with setting up a Splunk environment.
For the practical lab you have a Webex call the first 4 hours with one of the Splunk trainers.
Use these 4 hours to make sure that you understand what you should be building. Don’t start at the beginning without looking at all the steps that you should be going through.
Once you have all the information you need to build a Splunk environment you can start but make sure you take notes during the configuration.
You will get 24 hours to complete the environment and sent a mail to the trainer, if you have built Splunk environments in the past then you could finish in 4 to 6 hours. If you have never build a Splunk environment then it will likely take about 10 hours so make sure you have enough time allocated in your calendar to focus on the practical lab.
Once you have passed the practical lab you will get access to the exam at Pearson VUE if you have the power and admin certification, this one is just like any other Splunk exam. Make sure you read through all the provided documents and your notes from the courses and you should be able to pass this exam and become an official Splunk Enterprise Architect.
Links:
Splunk Enterprise Architect track:
https://www.splunk.com/en_us/pdfs/training/splunk-enterprise-certified-architect-track.pdf