Hi richgalloway, Its an interview question, which I was unable to answer it, so could guide me on the proper answer to this question.

thanks.

Hi Guys can any one update me on this ?

Regarding streaming and non-streaming commands, got the below detail on how the commands are executed.

Streaming commands - operates on each event as it is returned by a search. Think of applying "function/transformation" to each event and then writing out the result of that operation. An example of such a command might be a command that adds a field to each event.

Non-streaming commands - Expects to have all the data before it operates on it. An example of a non-streaming command is the stats command, which will collect all the data before it can calculate the statistics.

Similarly for the below question let me know whether answer to the question is correct or not!
1) How to list the indexes details available in splunk search heads?

We can the indexes configured in splunk searched by login into splunk web portal --> settings --> indexes.
By executing the splunk btool command from the search head instances to find the list of indexes available in splunk search head.

./splunk btool indexes list --debug | less

Your splunk btool indexes list --debug just reflects what is in your indexes.conf files. This could fit the active indexes, but only after a restart of Splunk after changes to any your indexes.conf files.

You can also use REST API endpoints (with | rest command) to know indexes created.
http://docs.splunk.com/Documentation/Splunk/6.2.6/RESTREF/RESTintrospect#data.2Findexes

| rest /services/data/indexes splunk_server=local