Splunk Core Certified Advanced Power User — Question 94

When running a real-time search, search results are pulled from which Splunk component?

Answer options

• A. Heavy forwarders and seach peers
• B. Heavy forwarders
• C. Search heads
• D. Search peers

Correct answer: D

Explanation

The correct answer is D, as search peers are responsible for storing indexed data and performing the search queries. Heavy forwarders and search heads play different roles in data forwarding and search coordination, but they do not directly provide search results during a real-time search.