Splunk Core Certified Advanced Power User — Question 10
Which Splunk component consolidates the individual results and prepares reports in a distributed environment?
Answer options
- A. Indexers
- B. Forwarder
- C. Search head
- D. Search peers
Correct answer: C
Explanation
The correct answer is C, the Search head, as it is responsible for consolidating results from multiple sources and creating reports. Indexers (A) store and index data but do not prepare reports, while Forwarders (B) send data to indexers and Search peers (D) assist in distributing search requests but do not generate reports themselves.