Splunk Enterprise Security Certified Analyst — Question 36
As a best practice, which of the following should be used to ingest data on clustered indexers?
Answer options
- A. Monitoring (via a process), collecting data (modular inputs) from remote systems/applications
- B. Modular inputs, HTTP Event Collector (HEC), inputs.conf monitor stanza
- C. Actively listening on ports, monitoring (via a process), collecting data from remote systems/applications
- D. splunktcp, splunktcp-ssl, HTTP Event Collector (HEC)
Correct answer: B
Explanation
Option B is correct because it specifies using modular inputs and the HTTP Event Collector (HEC), which are optimal for data ingestion in clustered environments. The other options either miss key components necessary for effective ingestion or suggest methods that are less efficient for clustered indexers.