Which of the following statements describes how distributed search works?
In distributed search within the context of Splunk, the search head is responsible for dispatching search requests to the search peers, which are often indexers. The search peers then execute the search query and return the resulting data back to the search head, which consolidates the results and presents them to the user. This process allows for effective distribution and handling of large search volumes across multiple servers.
My ans is C
Agreed C. Quoting the Splunk reference URL https://docs.splunk.com/Documentation/Splunk/8.2.2/DistSearch/Configuredistributedsearch "To activate distributed search, you add search peers, or indexers, to a Splunk Enterprise instance that you designate as a search head. You do this by specifying each search peer manually."
Agreed, Answer is C
C. The search head dispatches searches to the search peers. Sys Admin PDF Page 180 - 4. The search head dispatches searches to the indexer (Search Peers)
Should be C. The question does not mention the indexer cluster, so D is irrelevant.
The right answer is C
ans is C
C is correct. System Admin page 190.
How can these official answers be so wrong! It's C. D makes no sense at all.
D is wrong because buckets are replicated within an indexer cluster. The correct answer is C, as per slide 185 from the Splunk 7.3 System Admin course, from 2019.