There are 3 main components in Splunk:

1. Splunk Forwarder - It is used to collect the logs from the various remote log sources.

2. Splunk Indexer - It is used to store the data coming from Forwarder. Here the data is parsed into events. The search query is fulfilled by Indexer.

3. Splunk Search Head - It provides a GUI from where we can interact with Splunk. All the search and queries are performed here.

This is the brief explanation of Splunk Architecture. 

