Multiple Indexes in Splunk

Why does Splunk allow you to set up multiple indexes? One should be enough, right?

There are several reasons for creating multiple indexes.

1.) Data Separation for Access Control / Security. Create separate indexes and delegate permissions to each of them.
2.) Data Retention Policies. Create different indexes that can have different sizes.
3.) Different Storage Locations. Some indexes might be less important and can be held on slower, less expensive storage.
4.) Optimized Queries. Searching one subset of data rather than the whole pie can improve search performance.
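
As an added illustration (not from the original post), the first three reasons map onto Splunk configuration roughly as follows. The index names, role names and the /mnt/slow_disk mount point are assumptions.

```ini
# indexes.conf  (index names and mount points are assumptions)

# Security-relevant authentication logs: kept for one year on default storage
[sec_auth]
homePath   = $SPLUNK_DB/sec_auth/db
coldPath   = $SPLUNK_DB/sec_auth/colddb
thawedPath = $SPLUNK_DB/sec_auth/thaweddb
# Retention: buckets older than 365 days are frozen (deleted unless archived)
frozenTimePeriodInSecs = 31536000
# Size cap for the whole index, in MB
maxTotalDataSizeMB = 500000

# Low-value debug logs: 30 days, small cap, cold buckets on cheaper disk
[app_debug]
homePath   = $SPLUNK_DB/app_debug/db
coldPath   = /mnt/slow_disk/splunk/app_debug/colddb
thawedPath = $SPLUNK_DB/app_debug/thaweddb
frozenTimePeriodInSecs = 2592000
maxTotalDataSizeMB = 50000

# authorize.conf  (role names are assumptions)

# Analysts may search both indexes; sec_auth is searched when no index is named
[role_soc_analyst]
search = enabled
srchIndexesAllowed = sec_auth;app_debug
srchIndexesDefault = sec_auth

# Developers can only see debug data, never the authentication logs.
# No importRoles here: index access from inherited roles is additive, so
# importing a role that allows more indexes would undo this restriction.
[role_app_dev]
search = enabled
srchIndexesAllowed = app_debug
srchIndexesDefault = app_debug
```

For the fourth reason, a search that names its index, such as `index=sec_auth`, only has to scan that index's buckets rather than everything the role is allowed to see.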

