Which of the following is NOT performed via Splunk Cloud Search Heads?

The correct choice indicates that defining inputs and configuring parsing is not performed via Splunk Cloud Search Heads. Splunk Search Heads are primarily utilized for searching, visualizing, and analyzing data that has already been ingested and indexed. They handle user queries and provide a platform for creating dashboards, reports, and alerts based on the data stored in indexes.

On the other hand, defining inputs and configuring parsing is a function carried out by the indexers or forwarders in the Splunk architecture. This is where raw data is collected and processed before it reaches the Search Heads for analysis. The data is parsed and indexed in these earlier stages, thus separating the functions of data ingestion and data search/analysis within Splunk's ecosystem.

The other options involve functions more appropriate for the Search Heads. Creating and managing indexes typically involves configuring and maintaining the data repositories where the information is stored, which is a core responsibility of the indexers rather than the Search Heads. Integrating with LDAP/SAML relates to authentication and user management, which Search Heads facilitate by supporting various authentication methods. Managing knowledge objects, such as saved searches and lookups, is also within the scope of what Search Heads do since they provide the interface for users to interact with these objects.