If a user is added as local admin and also local admin group. What's the difference and is there any security risk?
as @inventsekar said, your question isn't clear:
are you speaking of windows administrators or Splunk administrators?
if Windows, this isn't the right site to put this question;
if Splunk, in Splunk there's one level of administration by default, if you create different levels of administrators it's a your customization.
So if you want our opinion about creating two levels of administrators, the only answer can be: it depends on your architecture and organization.
In other words, you can create one or more administrators groups that manage only a part of infrastructure (e.g. one site each one), and a super admininstrator that manage all the infrastructure, but, as I said, it depends on your infrastructure and organization and it isn't possible to give an opinion without knowing them.
Generally I can say that, if you have a large infrastructure, it could be a good idea delegating part of administration to a second level administrators, but it gives to your organization more difficoulties in management and design of roles and grants.