Splunk Enterprise Security Certified Analyst — Question 2

A customer has a number of inefficient regex replacement transforms being applied. When under heavy load the indexers are struggling to maintain the expected indexing rate. In a worst case scenario, which queue(s) would be expected to fill up?

Answer options

Correct answer: A

Explanation

The correct answer is A because when the indexers are overwhelmed, multiple queues such as Typing, merging, parsing, and input can become backed up due to their interdependencies. Options B and C only consider a single queue, which does not account for the broader impact of heavy load on the overall indexing process. Option D, while inclusive of many queues, is too broad and does not specifically highlight the most affected ones.