Can someone please help with the query below?
I am using index="abc". When I run this in app1 and app2, I get different data. I am selecting the app from the Splunk UI.
Can I specify the app name in a Splunk query?
When you say "I get different data" do you mean different events or different fields? Getting different fields is expected if the field extractions are limited to the app in which they are installed. If you change them to Global access then any app should see them.
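To check which field extractions are app-only, the following added example (not code from the thread or from Splunk) parses an app's `metadata/local.meta` and lists the `props` and `transforms` objects that are not exported with `export = system`, the setting behind Global sharing. The sourcetype and stanza names are constructed, and the fallback order (object, then category, then the app-level `[]` stanza, then `none`) is an assumption about how the file resolves.

```python
from urllib.parse import unquote

# Constructed sample of an app's metadata/local.meta (not from the original post).
SAMPLE_META = """\
[]
access = read : [ * ], write : [ admin ]
export = none

[props/abc_sourcetype/EXTRACT-user]
export = system

[props/abc_sourcetype/EXTRACT-src_ip]
access = read : [ * ], write : [ admin ]

[transforms/abc_lookup]
export = none
"""

def parse_meta(text):
    """Return {stanza_name: {key: value}} for a .meta file."""
    stanzas, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        if line.startswith("[") and line.endswith("]"):
            current = stanzas.setdefault(line[1:-1], {})
        elif "=" in line and current is not None:
            key, value = line.split("=", 1)
            current[key.strip()] = value.strip()
    return stanzas

def effective_export(stanzas, name):
    """Resolve export for an object: object, then category, then app default []."""
    category = name.split("/", 1)[0]
    for candidate in (name, category, ""):
        value = stanzas.get(candidate, {}).get("export")
        if value is not None:
            return value
    return "none"  # assumed default when no stanza sets export

def app_private_objects(text, categories=("props", "transforms")):
    """List objects in the given categories that other apps cannot see."""
    stanzas = parse_meta(text)
    return sorted(
        unquote(name) for name in stanzas
        if "/" in name and name.split("/", 1)[0] in categories
        and effective_export(stanzas, name) != "system"
    )
```

Calling `app_private_objects()` on the text of each app's `local.meta` and `default.meta` shows which extractions would be missing when the same search runs from another app.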