Briefly explain how Splunk works.

We can divide the working of Splunk into three main parts:

  • Forwarder: You can see it as a dumb agent whose main task is to collect the data from various sources like remote machines and transfer it to the indexer.
  • Indexer: The indexer then processes the data in real time and stores and indexes it on the local host or a cloud server.
  • Search Head: It allows the end-user to interact with the data and perform various operations like searching, analyzing, and visualizing the information.