SOC Experts Community - Beta
in SIEM by (1.2k points)

1 Answer

by (800 points)

There are 3 main components in Splunk:

1. Splunk Forwarder - It is used to collect the logs from the various remote log sources.

2. Splunk Indexer - It is used to store the data coming from the Forwarder. Here the data is parsed into events. The search query is fulfilled by the Indexer.

3. Splunk Search Head - It provides a GUI from which we can interact with Splunk. All the searches and queries are performed here.

This is a brief explanation of the Splunk architecture.
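How the three components in the answer above are typically wired together, as an added example that is not part of the original answer: one forwarder, one indexer and one search head. The host name `idx1.example.internal`, the index name `os_linux` and the group name `primary_indexers` are constructed; 9997 and 8089 are the conventional receiving and management ports.

```ini
# ---- Forwarder: inputs.conf ----
# Collect a local log file and tag it for the indexer.
# The index named here must already exist on the indexer (indexes.conf).
[monitor:///var/log/auth.log]
sourcetype = linux_secure
index = os_linux

# ---- Forwarder: outputs.conf ----
# Send everything collected above to the indexer tier.
[tcpout]
defaultGroup = primary_indexers

[tcpout:primary_indexers]
server = idx1.example.internal:9997

# ---- Indexer: inputs.conf ----
# Listen for forwarder traffic; received data is parsed into events
# and written to the index chosen by the forwarder.
[splunktcp://9997]
disabled = 0

# ---- Search head: distsearch.conf ----
# Indexers the search head dispatches searches to (management port).
# Peers are normally added through Splunk Web or the CLI, which also
# sets up authentication to the peer; this stanza is where the list lives.
[distributedSearch]
servers = https://idx1.example.internal:8089
```

Splunk .conf files do not support trailing comments on a setting line, so each comment sits on its own line.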
