Hello,
New to Splunk here, we are using Splunk Enterprise and have multiple apps and add-ons for Splunk.
Is there a difference in search results/performance between using the "Search and Reporting" app or the "Search" within the Palo Alto Networks App for Splunk, as an example, if only from a query perspective.
This is posed under the assumption that both apps have appropriate permissions on the indexes they are searching. I.E. running the following search in the Palo Alto App search as well as Search and Reporting:
index=* sourcetype=pan:threat
EDIT:
Realized my question was originally too vague and did not include enough information.
The search in the Palo alto app is the same thing as the search for the Search and reporting app. They won't differ in performance at all.
The search in the Palo alto app is the same thing as the search for the Search and reporting app. They won't differ in performance at all.
My original question was a broader scope, does the Search and Reporting app act as kind-of a catchall for searching across any app?
Really any search interface will have that ability to search across all your data. You are limited by which role you are logged into and the roles access to data.
The search and reporting app is just the default app Splunk ships with.