Hello,
New to Splunk here, we are using Splunk Enterprise and have multiple apps and add-ons for Splunk.
Is there a difference in search results/performance between using the "Search and Reporting" app or the "Search" within the Palo Alto Networks App for Splunk, as an example, if only from a query perspective.
This is posed under the assumption that both apps have appropriate permissions on the indexes they are searching. I.E. running the following search in the Palo Alto App search as well as Search and Reporting:
`index=* sourcetype=pan:threat `
EDIT:
Realized my question was originally too vague and did not include enough information.
↧