Splunk Core Certified User — Question 110

Which component of Splunk let us write SPL query to find the required data?

Answer options

• A. Forwarders
• B. Indexer
• C. Heavy Forwarders
• D. Search head

Correct answer: D

Explanation

The Search head is the Splunk component designed for executing searches and running SPL queries to retrieve data. Forwarders and Heavy Forwarders are primarily used for data collection and forwarding, while the Indexer is responsible for storing and indexing the data, not for running queries.