Splunk Search

Specify App Name in Splunk Query

VS0909
Communicator

I want to execute a query in app1, but I want to get the data from app2

For eg:

Execute query in app1 "index="abc",  This should get the data from app2

Please help!

Labels (5)
0 Karma

VS0909
Communicator

Hi, Can I specify app name in Splunk query?

0 Karma

VS0909
Communicator

Can someone please help on the below query?

I am using index="abc" . When I run this in app1 and app2, I get different data. I am selecting app from Splunk UI.

Can I specify app name in Splunk query?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

When you say "I get different data" do you mean different events or different fields?  Getting different fields is expected if the field extractions are limited to the app in which they are installed.  If you change them to Global access then any app should see them.

---
If this reply helps you, Karma would be appreciated.

VS0909
Communicator

I am using index="abc" . When I run this in app1 and app2, I get different data. I am selecting app from Splunk UI.

Can I specify app name in Splunk query?

0 Karma

richgalloway
SplunkTrust
SplunkTrust

Apps don't contain data - indexes do.

Please describe the problem you are trying to solve.

---
If this reply helps you, Karma would be appreciated.
0 Karma
Get Updates on the Splunk Community!

Stay Connected: Your Guide to July and August Tech Talks, Office Hours, and Webinars!

Dive into our sizzling summer lineup for July and August Community Office Hours and Tech Talks. Scroll down to ...

Edge Processor Scaling, Energy & Manufacturing Use Cases, and More New Articles on ...

Splunk Lantern is a Splunk customer success center that provides advice from Splunk experts on valuable data ...

Get More Out of Your Security Practice With a SIEM

Get More Out of Your Security Practice With a SIEMWednesday, July 31, 2024  |  11AM PT / 2PM ETREGISTER ...