Splunk Core Certified Advanced Power User — Question 58

The volume of data from collecting log files from 50 Linux servers and 200 Windows servers will require multiple indexers. Following best practices, which types of
Splunk component instances are needed?

Answer options

• A. Indexers, search head, universal forwarders, license master
• B. Indexers, search head, deployment server, universal forwarders
• C. Indexers, search head, deployment server, license master, universal forwarder
• D. Indexers, search head, deployment server, license master, universal forwarder, heavy forwarder

Correct answer: C

Explanation

The correct answer is C because it includes all necessary components to manage and scale the data collection effectively: indexers for data storage, a search head for querying, a deployment server for managing configurations, a license master for licensing compliance, and a universal forwarder for data forwarding. Options A and B are missing essential components like the license master and deployment server, respectively, while option D includes an unnecessary heavy forwarder, which is not required in this scenario.