All Apps and Add-ons
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
Ask a Question
Solved! Jump to solution

Is there a search performance difference between using the Splunk Search and Reporting App vs Palo Alto Networks App for Splunk?

LinuxEngi
New Member
‎03-13-2017 08:01 AM

Hello,

New to Splunk here, we are using Splunk Enterprise and have multiple apps and add-ons for Splunk.

Is there a difference in search results/performance between using the "Search and Reporting" app or the "Search" within the Palo Alto Networks App for Splunk, as an example, if only from a query perspective.

This is posed under the assumption that both apps have appropriate permissions on the indexes they are searching. I.E. running the following search in the Palo Alto App search as well as Search and Reporting:

index=* sourcetype=pan:threat

EDIT:

Realized my question was originally too vague and did not include enough information.

0 Karma
Reply
1 Solution
Solved! Jump to solution
Solution

kmccririe_splun
Splunk Employee
Splunk Employee
‎03-13-2017 09:21 AM

The search in the Palo alto app is the same thing as the search for the Search and reporting app. They won't differ in performance at all.

View solution in original post

0 Karma
Reply
Solved! Jump to solution
Solution

kmccririe_splun
Splunk Employee
Splunk Employee
‎03-13-2017 09:21 AM

The search in the Palo alto app is the same thing as the search for the Search and reporting app. They won't differ in performance at all.

0 Karma
Reply
Solved! Jump to solution

LinuxEngi
New Member
‎03-13-2017 09:23 AM

My original question was a broader scope, does the Search and Reporting app act as kind-of a catchall for searching across any app?

0 Karma
Reply
Solved! Jump to solution

kmccririe_splun
Splunk Employee
Splunk Employee
‎03-13-2017 09:38 AM

Really any search interface will have that ability to search across all your data. You are limited by which role you are logged into and the roles access to data.

The search and reporting app is just the default app Splunk ships with.

0 Karma
Reply
Get Updates on the Splunk Community!

Introducing Splunk Enterprise 9.2

WATCH HERE! Watch this Tech Talk to learn about the latest features and enhancements shipped in the new Splunk ...

Adoption of RUM and APM at Splunk

    Unleash the power of Splunk Observability   Watch Now In this can't miss Tech Talk! The Splunk Growth ...

Routing logs with Splunk OTel Collector for Kubernetes

The Splunk Distribution of the OpenTelemetry (OTel) Collector is a product that provides a way to ingest ...