Re: Specify App Name in Splunk Query

VS0909 · ‎07-19-2021

I want to execute a query in app1, but I want to get the data from app2

For eg:

Execute query in app1 "index="abc", This should get the data from app2

Please help!

VS0909 · ‎07-19-2021

Hi, Can I specify app name in Splunk query?

VS0909 · ‎07-19-2021

Can someone please help on the below query?

I am using index="abc" . When I run this in app1 and app2, I get different data. I am selecting app from Splunk UI.

Can I specify app name in Splunk query?

richgalloway · ‎07-19-2021

When you say "I get different data" do you mean different events or different fields? Getting different fields is expected if the field extractions are limited to the app in which they are installed. If you change them to Global access then any app should see them.

---
If this reply helps you, Karma would be appreciated.

VS0909 · ‎07-19-2021

I am using index="abc" . When I run this in app1 and app2, I get different data. I am selecting app from Splunk UI.

Can I specify app name in Splunk query?

richgalloway · ‎07-19-2021

Apps don't contain data - indexes do.

Please describe the problem you are trying to solve.

---
If this reply helps you, Karma would be appreciated.

Specify App Name in Splunk Query

count

eval

field extraction

stats

subsearch

Introducing the 2024 SplunkTrust!

Introducing the 2024 Splunk MVPs!

Splunk Custom Visualizations App End of Life