Which component is responsible for collecting log data from various sources?

The component responsible for collecting log data from various sources is the Forwarder. Forwarders act as agents installed on the machines where the log data is generated. They are designed to monitor specific files or data streams, gather that information, and then send it to the Splunk Indexer for processing and storage. This allows for efficient data collection from a variety of sources, including servers, applications, and network devices, ensuring that logs are continuously monitored and transmitted for analysis.

In contrast, while the Indexer stores and processes the collected data, the Search Head is responsible for querying and visualizing data. The Deployment Server serves to manage configurations and distribute apps to other Splunk components, but it does not directly collect data. Each component plays a specific role in the Splunk architecture, but it is the Forwarder that initiates the data collection process, making it the clear choice for this question.