
Is there any way to optimize this query to increase performance?

shafee_anwar
New Member

We are trying to create a query to get a list of fields in all sourcetypes, grouped by sourcetype and index.

We tried to use the following query, but its performance is very slow.

| tstats count WHERE index IN(main,_introspection) GROUPBY index, sourcetype
| rename index AS indexname, sourcetype AS sourcetypename
| map maxsearches=100 search="| search index=\"$indexname$\" sourcetype=\"$sourcetypename$\" | head 1|fieldsummary | eval index=\"$indexname$\", sourcetype=\"$sourcetypename$\" | WHERE NOT isnull(mean) | fields index, sourcetype, field"

Since there can be any number of sourcetypes (350+ for index=main), maxsearches cannot be set to such a high number.

Is there any way to optimize this query to increase performance or any other query that will do the job without any performance lag?
