The three main components of Splunk are the search head, the indexer, and the forwarder. The search head is responsible for enabling users to search and analyze data. The indexer processes the incoming data and stores it in indexes for efficient retrieval. The forwarder is a lightweight component that sends data to the indexer. These components work together to handle data collection, indexing, and searching within Splunk.