Splunk Core Certified Advanced Power User — Question 66

Which of the following statements describes how distributed search works?

Answer options

• A. Forwarders pull data from the search peers.
• B. Search heads store a portion of the searchable data.
• C. The search head dispatches searches to the search peers.
• D. Search results are replicated within the indexer cluster.

Correct answer: C

Explanation

The correct answer is C because the search head is responsible for distributing search requests to the search peers for processing. Option A is incorrect as forwarders do not pull data; they send data to the indexers. Option B is misleading since search heads primarily coordinate searches rather than store large amounts of data. Option D is also wrong because replication of search results is not a standard operation within the indexer cluster.