SPLK-1003 · Question #170
SPLK-1003 Question #170: Real Exam Question with Answer & Explanation
The correct answer is C: Distributed search. Distributed search is the feature that allows search heads in a company's European offices to search data in their New York offices. Distributed search also enables restricting access to certain indexers by using the splunk_server field or the server.conf file. Distributed search
Question
Search heads in a company's European offices need to be able to search data in their New York offices. They also need to restrict access to certain indexers. What should be configured to allow this type of action?
Options
- AIndexer clustering
- BLDAP control
- CDistributed search
- DSearch head clustering
Explanation
Distributed search is the feature that allows search heads in a company's European offices to search data in their New York offices. Distributed search also enables restricting access to certain indexers by using the splunk_server field or the server.conf file. Distributed search is a way to scale your Splunk deployment by separating the search management and presentation layer from the indexing and search retrieval layer. With distributed search, a Splunk instance called a search head sends search requests to a group of indexers, or search peers, which perform the actual searches on their indexes. The search head then merges the results back to the user. Distributed search has several use cases, such as horizontal scaling, access control, and managing geo-dispersed data. For example, users in different offices can search data across the enterprise or only in their local area, depending on their needs and permissions.
Topics
Community Discussion
No community discussion yet for this question.