|
Answer» As shown below, Splunk ARCHITECTURE is composed of three main components: - Splunk Forwarder: These are components that you use to COLLECT MACHINE data/logs. This is responsible for gathering and forwarding real-time data with less processing power to Indexer. Splunk forwarder performs cleansing of data depending on the type of forwarder used (Universal or Heavy forwarder).
- Splunk Indexer: The indexer allows you to index i.e., transform raw data into events and then store the results data coming from the forwarder. Incoming data is processed by the indexer in real-time. Forwarder transforms data into events and stores them in indexes to enable search operations to be performed efficiently.
- Search Head: This component is used to interact with Splunk. It lets users perform various operations like PERFORMING queries, analysis, ETC., on stored data through a graphical user interface. Users can perform searches, analyze data, and report results.
|
