Solved: Is there a search performance difference between u...

LinuxEngi · ‎03-13-2017

Hello,

New to Splunk here, we are using Splunk Enterprise and have multiple apps and add-ons for Splunk.

Is there a difference in search results/performance between using the "Search and Reporting" app or the "Search" within the Palo Alto Networks App for Splunk, as an example, if only from a query perspective.

This is posed under the assumption that both apps have appropriate permissions on the indexes they are searching. I.E. running the following search in the Palo Alto App search as well as Search and Reporting:

index=* sourcetype=pan:threat

EDIT:

Realized my question was originally too vague and did not include enough information.

kmccririe_splun · ‎03-13-2017

The search in the Palo alto app is the same thing as the search for the Search and reporting app. They won't differ in performance at all.

View solution in original post

kmccririe_splun · ‎03-13-2017

The search in the Palo alto app is the same thing as the search for the Search and reporting app. They won't differ in performance at all.

LinuxEngi · ‎03-13-2017

My original question was a broader scope, does the Search and Reporting app act as kind-of a catchall for searching across any app?

kmccririe_splun · ‎03-13-2017

Really any search interface will have that ability to search across all your data. You are limited by which role you are logged into and the roles access to data.

The search and reporting app is just the default app Splunk ships with.

Is there a search performance difference between using the Splunk Search and Reporting App vs Palo Alto Networks App for Splunk?

More Control Over Your Monitoring Costs with Archived Metrics!

New in Observability Cloud - Explicit Bucket Histograms

Updated Team Landing Page in Splunk Observability