Search:
|tstats count where index=att_acc_app source=applicationissues.log by PREFIX(client_application_name=) _time span=1d
|rename client_application_name= as client-application-name
|timechart count by client-application-name span=1d
When I am using this query I am not getting accurate results.
What are accurate results? How do your actual results differ from them? You need to illustrate these points.
If I am using it without tstats I am getting one value; when I am using tstats I am getting a different value.
Both values are not matching.
Then you need to illustrate what you did "without tstats", perhaps also the results from that (I assume that you believe those are accurate results), so others can understand your intentions and expectations.
Original query:
index=att_acc_app source=applicationissues.log
|timechart count by client_application_name span=1d
results:
_time ccs mop zse cfr
2023-01-02 00:00:00 10 223 100 12
2023-01-02 00:30:00 80 283 800 67
query using tstats:
|tstats count where index=att_acc_app source=applicationissues.log by PREFIX(client_application_name=) _time span=1d
|rename client_application_name= as client-application-name
|timechart count by client-application-name span=1d
results:
_time ccs mop zse cfr
2023-01-02 00:00:00 5 23 0 11
2023-01-02 00:30:00 90 83 80 69
This suggests that in some events, values are extracted into client_application_name without being immediately to the right of the equal sign. For example, an event may contain "client_application_name = mop" and Splunk will assign "mop" to client_application_name.
One way to test this can be
index=att_acc_app source=applicationissues.log
client_application_name = mop NOT "client_application_name=mop"
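A small simulation of the discrepancy the answer above describes, added here as an example; it is not part of any post in this thread and not Splunk code. It assumes, as the answer does, that tstats with PREFIX(client_application_name=) only sees indexed terms that literally begin with "client_application_name=", while search-time extraction also accepts whitespace around the equal sign. The sample events, the breaker rule, the extraction regex and all helper functions are constructed for the illustration; the last function reproduces the diagnostic search from the answer (events where the extracted field equals a value but the raw event lacks the literal key=value token).

```python
import re
from collections import Counter

# Constructed sample events, not taken from the thread. Most write the pair as
# client_application_name=<value>; two write it with spaces around '='.
SAMPLE_EVENTS = [
    "2023-01-02T00:01:00 level=ERROR client_application_name=mop msg=timeout",
    "2023-01-02T00:02:00 level=ERROR client_application_name=ccs msg=timeout",
    "2023-01-02T00:03:00 level=WARN client_application_name = mop msg=retry",
    "2023-01-02T00:04:00 level=ERROR client_application_name=mop msg=5xx",
    "2023-01-03T00:05:00 level=WARN client_application_name = ccs msg=retry",
    "2023-01-03T00:06:00 level=ERROR client_application_name=zse msg=5xx",
]

FIELD = "client_application_name"

# Simplified major-breaker rule: whitespace is what splits
# "client_application_name = mop" into three separate indexed terms.
MAJOR_BREAKERS = re.compile(r"\s+")

# Assumption (the answer's hypothesis): automatic search-time extraction
# tolerates whitespace around '=', PREFIX() needs the literal token.
SEARCH_TIME_KV = re.compile(rf"\b{FIELD}\s*=\s*([\w-]+)")


def indexed_terms(event):
    """Split a raw event into the terms the index would hold (simplified)."""
    return [t for t in MAJOR_BREAKERS.split(event) if t]


def prefix_values(event, prefix=FIELD + "="):
    """Approximates tstats ... by PREFIX(client_application_name=): only an
    indexed term that literally begins with the prefix contributes a value."""
    return [t[len(prefix):] for t in indexed_terms(event) if t.startswith(prefix)]


def search_time_values(event):
    """Approximates search-time extraction of client_application_name."""
    return SEARCH_TIME_KV.findall(event)


def count_by_day_and_app(events, extractor):
    """Equivalent of 'timechart count by <field> span=1d' for one extractor.
    Returns a Counter keyed by (day, value)."""
    counts = Counter()
    for ev in events:
        day = ev[:10]  # the constructed events start with an ISO timestamp
        for value in extractor(ev):
            counts[(day, value)] += 1
    return counts


def has_literal_token(event, value):
    """Approximates the raw search "client_application_name=<value>"."""
    return f"{FIELD}={value}" in indexed_terms(event)


def events_only_seen_by_search_time(events, value):
    """The answer's diagnostic search:
       client_application_name = <value> NOT "client_application_name=<value>"
    Events where search-time extraction yields the value but the raw event
    does not contain the literal key=value token."""
    return [ev for ev in events
            if value in search_time_values(ev) and not has_literal_token(ev, value)]


if __name__ == "__main__":
    original = count_by_day_and_app(SAMPLE_EVENTS, search_time_values)
    accelerated = count_by_day_and_app(SAMPLE_EVENTS, prefix_values)
    for key in sorted(original):
        print(key, "search-time:", original[key], "PREFIX():", accelerated[key])
    for ev in events_only_seen_by_search_time(SAMPLE_EVENTS, "mop"):
        print("missed by PREFIX():", ev)
```

Running it shows "mop" counted three times on 2023-01-02 by search-time extraction but only twice by the PREFIX() path, and the spaced "client_application_name = ccs" event dropping out of the tstats count entirely; the last loop lists exactly the events the diagnostic search in the answer would return. Separately from the extraction issue: the rows coming out of tstats already carry a count field, so piping them into "timechart count by ..." counts rows per bucket rather than events; "timechart sum(count) by client-application-name span=1d" is the form that preserves the tstats totals.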