Search failed with error msg:
Error in 'IndexScopedSearch': The search failed. More than 1000000 events found at time 1554154800.
How do I find out what source/sourcetype/event caused this issue?
I have tried a couple of queries:
*somecontents earliest=1554154800 | head 1000
It takes a long time — still ongoing and nothing matched.
*somecontents earliest=1554154799 latest=1554154801
| head 1000
Returns the same search failure error.
Any help is appreciated!