Splunk Enterprise Security Certified Admin — Question 39

To which of the following should the ES application be uploaded?

Answer options

• A. The indexer.
• B. The KV Store.
• C. The search head.
• D. The dedicated forwarder.

Correct answer: C

Explanation

The correct answer is C, as the ES application is specifically designed to be deployed on the search head for optimal performance and functionality. The indexer is responsible for data ingestion, the KV Store stores key-value pairs, and the dedicated forwarder is used for data forwarding, none of which are suitable locations for the ES application.