1
00:00:01,240 --> 00:00:02,070
Moving on.

2
00:00:02,080 --> 00:00:10,360
The next component of Splunk is the indexer, which is the core component of any Splunk installation.

3
00:00:10,570 --> 00:00:19,180
The indexer is the one which does hold heavy lifting in a Splunk environment, and indexer is the place

4
00:00:19,180 --> 00:00:22,120
where all the data will be stored on the Splunk.

5
00:00:23,560 --> 00:00:29,530
The more efficient your indexer is, the more better your Splunk environment health will be.

6
00:00:30,310 --> 00:00:36,190
To define an indexer, it is a component of Splunk where the data is passed.

7
00:00:36,190 --> 00:00:37,450
When I say pass.

8
00:00:37,480 --> 00:00:43,030
It is known as breaking down of events into smaller, manageable pieces by Splunk.

9
00:00:43,060 --> 00:00:51,610
So to define an indexer, it is a component of Splunk where the data is passed or broken down.

10
00:00:52,430 --> 00:00:55,130
And stored in the indexer.

11
00:00:57,080 --> 00:01:03,470
The role of the indexer is to pass the data and to pass the data inside Splunk.

12
00:01:03,470 --> 00:01:11,240
And this stored data is where all your queries that are run by the searcher for fetching reports or

13
00:01:11,240 --> 00:01:18,650
creating alerts will be run and the results will be given back to the searcher for visualization or

14
00:01:18,650 --> 00:01:20,480
sending it out an email.