Hello;

I've got this request running on my searchhead server:
Job report : "This search has completed and has returned 1 101 résults by scanning 29 230 690 events in 860,672 seconds"
Execution time : 860,672 seconds aka 14 minutes and 20 seconds, running on "previous week"

Here is the request:

index=csmsi_supervision_active u_ci_name=PE* cmd=check_interface_traffic 
| fields u_ci_name, svc, ds, traffic_in_bps, traffic_out_bps, if_alias, _time
| dedup svc, ds
| eval Kbps_In=traffic_in_bps/1000, Kbps_Out=traffic_out_bps/1000, Periode=strftime(_time,"%Y-%V")
| rex field=if_alias "(?.*_vers_(?:(?:PE)|(?:P0)|(?:P1)|(?:CE)).*)"
| stats  avg(Kbps_In) as "In_Moy", exactperc90(Kbps_In) as "In_Perc90", max(Kbps_In) as "In_Max",  avg(Kbps_Out) as "Out_Moy", exactperc90(Kbps_Out) as "Out_Perc90", max(Kbps_Out) as "Out_Max" , values(Periode) as "Periode", latest(_time) as "_time"  by u_ci_name, rex_if_alias
| table Periode u_ci_name rex_if_alias In_Moy In_Perc90 In_Max Out_Moy Out_Perc90 Out_Max _time

I read that using accelerated datamodels could reduce my request duration....
So I started to build one...

datamodel_name : CSMSI_ARGOSS_Active_Metrics (rebuilt)
node_name : metrics
node_childs : icmp and traffic are just each one hiding few fields depending witch one I need or not

Here is my request using datamodel :

|tstats summariesonly=true 
 values(metrics.u_ci_name) as u_ci_name, 
 values(metrics.svc) as svc, 
 values(metrics.ds) as ds, 
 values(metrics.traffic_in_bps) as traffic_in_bps, 
 values(metrics.traffic_out_bps) as traffic_out_bps, 
 values(metrics.if_alias) as if_alias
 From datamodel=CSMSI_ARGOSS_Active_Metrics 
 Where nodename=metrics u_ci_name=PE*
| fields u_ci_name, svc, ds, traffic_in_bps, traffic_out_bps, if_alias, _time
| dedup svc, ds
| eval Kbps_In=traffic_in_bps/1000, Kbps_Out=traffic_out_bps/1000, Periode=strftime(_time,"%Y-%V")
| rex field=if_alias "(?.*_vers_(?:(?:PE)|(?:P0)|(?:P1)|(?:CE)).*)"
| stats  avg(Kbps_In) as "In_Moy", exactperc90(Kbps_In) as "In_Perc90", max(Kbps_In) as "In_Max",  avg(Kbps_Out) as "Out_Moy", exactperc90(Kbps_Out) as "Out_Perc90", max(Kbps_Out) as "Out_Max" , values(Periode) as "Periode", latest(_time) as "_time"  by u_ci_name, rex_if_alias
| table Periode u_ci_name rex_if_alias In_Moy In_Perc90 In_Max Out_Moy Out_Perc90 Out_Max _time

but do not give result (0 results found) in "8 seconds executing time" according to search.log

My question is, where is my issue?
ps1: 1st time I write this kind of request
ps2: I've got other request running on "previous month" and aborting after +2hours by timeout

Thanks for helping 😉