Splunk Enterprise Certified Architect Practice Test

Using a Universal Forwarder adds reliability in syslog delivery because it ensures that data is reliably transferred and acknowledged, even in cases of network issues. Universal Forwarders are designed to handle data input and forwarding to Splunk indexers, supporting both TCP and UDP protocols. When configured to use TCP, for example, the Universal Forwarder can ensure that messages are sent reliably since TCP provides mechanisms for error checking and flow control. This makes it particularly suited for environments where data integrity and delivery guarantee are critical. In contrast, relying solely on one syslog server does not account for redundancy and failover options, which can compromise reliability in case of a server failure or network outage. Additionally, using only UDP may lead to packet loss, as UDP does not guarantee delivery, and performance benefits can come at the cost of data integrity. Therefore, utilizing a Universal Forwarder is a reliable method for ensuring the proper and consistent delivery of logs to the designated destination, making it the correct choice in this context.