Which Splunk component does a search head primarily communicate with?
The search head in Splunk primarily communicates with the indexer. When a user submits a search request, the search head distributes this request to the indexers, which then search their local data stores. The indexer processes the raw data and provides search results back to the search head, which in turn consolidates and displays the results to the user.
A. Indexer
Per the provided Splunk URL reference, https://docs.splunk.com/Documentation/Splunk/7.3.1/InheritedDeployment/Deploymenttopology: "Search heads manage searches. They handle search requests from users and distribute the requests across the set of indexers, which search their local data. The search head then consolidates the results from all of the indexers and serves them to the users."
A is correct
Ambiguous. It could also be the cluster master, depending on whether we are adding a SH for the first time or we're just running a search...