Although D is correct for IDX clusters, the answer says "only" which is incorrect because the app is used for single IDX as well and can be pushed by the deployment server. The question never mentions clustered IDX.
After installing Splunk Enterprise Security (ES) on the search head(s) and running the distributed configuration management tool, you should deploy Splunk_TA_ForIndexers.spl to the indexers. This ensures that the necessary configurations and knowledge objects are properly distributed and applied to the indexers.
Correct answer D ! See instructions from Admin ES: • Install ES on the Deployer
1. On the Splunk toolbar, select Apps > Manage Apps and click
Install app from file
2. Click Choose File and select the Splunk Enterprise Security file
3. Click Upload to begin the installation
4. Click Continue to app setup page
5. Click Start Configuration Process, and wait for it to complete
6. Use the Deployer to deploy ES to the cluster members. From the Deployer
run: splunk apply shcluster-bundle
Splunk_TA_ForIndexers.spl is created only for clustered indexer environment
https://docs.splunk.com/Documentation/ES/6.1.0/Install/InstallTechnologyAdd-ons#Create_the_Splunk_TA_ForIndexers_and_manage_deployment_manually
A voting comment increases the vote count for the chosen answer by one.
Upvoting a comment with a selected answer will also increase the vote count towards that answer by one.
So if you see a comment that you already agree with, you can upvote it instead of posting a new comment.
BMO
Highly Voted 3 years, 7 months ago6589077
Most Recent 4 weeks, 1 day agokiragi
2 months agojaemon22
6 months, 4 weeks agodohatelo
8 months, 2 weeks agovasudvn
1 year agoandy73
3 years agooksey
4 years, 3 months ago