The “Splunk Enterprise Certified Administrator” certification is designed for individuals responsible for the day-to-day administration and maintenance of a Splunk Enterprise environment. This certification is ideal for various professionals, including career builders looking to advance their Splunk skills, platform administrators managing Splunk Enterprise environments, and enterprise security administrators responsible for Splunk Enterprise Security environments.
The exam for this certification is a professional-level exam and has the following details:
- Prerequisites: Splunk Core Certified Power User
- Exam length: 60 minutes
- Format: 56 multiple-choice questions
- Pricing: $130 USD per exam attempt
- Delivery: Exam is administered by Pearson VUE
The exam covers various topics related to Splunk administration, including Splunk Admin Basics, License Management, Splunk Configuration Files, Splunk Indexes, User Management, Authentication Management, Getting Data In, Distributed Search, Forwarder Management, Monitor Inputs, Network and Scripted Inputs, Fine-Tuning Inputs, Parsing Phase and Data, Manipulating Raw Data, and more.
Candidates can prepare for the exam by referencing the Splunk How-To YouTube Channel, Splunk Docs, and drawing from their own Splunk experience. There are also recommended training courses available in the Splunk Enterprise Certified Admin Learning Path.
Upon successful completion of the exam, candidates will earn the Splunk Enterprise Certified Administrator certification.
Difficulty: 1 out of 5.
The Splunk Enterprise Certified Admin cert is a hyper vendor-specific cert that could prove useful in certain situations. If any of those situations involve Splunk that is. Luckily, this particular SIEM is the current industry leader, so it may make you stand out just a tad bit more, especially as a consultant.
The test itself isn't very difficult, just your bog standard multiple-choice questions.
The material centers around how to set up from start to finish, a Splunk install with a few curveballs thrown into the mix. Not challenging, not engaging, not hard. It could really benefit by changing it into a practical exam instead.
Overall, if you think you're going to be working with Splunk a lot either now or in the future, AND you think that might involve troubleshooting or setting up an actual install. Definitely consider it. If you think you're going to work with Splunk now or in the future as a SOC analyst, I'd recommend the Certified Power User and Advanced Power User certs instead.