Splunk Enterprise Security Certified Analyst — Question 17

Which of the following statements applies to indexer discovery?

Answer options

• A. The Cluster Master (CM) can automatically discover new indexers added to the cluster.
• B. Forwarders can automatically discover new indexers added to the cluster.
• C. Deployment servers can automatically configure new indexers added to the cluster.
• D. Search heads can automatically discover new indexers added to the cluster.

Correct answer: B

Explanation

The correct answer is B because forwarders have the capability to automatically discover new indexers in the cluster. Option A is incorrect as the Cluster Master does not handle indexer discovery; it manages the cluster. Option C is wrong since deployment servers are responsible for configuring devices, not for discovering new indexers. Option D is also incorrect because search heads focus on search functionalities rather than discovering indexers.